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Rethinking^networkedtlin 


The  third  of  a  six-part  series,  we  spotlight  the  latest  trends  in  enterprise  storage  and  provide 
expert  advice  on  how  to  design  for  the  new  data  center.  Supplement  begins  after  page  42. 
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security 


|m  the  first-ever  public  test  of  VoIP 
1  d  I  security,  Cisco  and  Avaya  set  up 
secure  VoIP  networks  in  Network  World  Lab 
Alliance  partner  Miercom’s  facility  in  New 
Jersey.  Then  we  set  loose  our  four-person 
attack  team.  The  results:  Cisco’s  network 
was  impenetrable;  it  survived  dozens  of 
attacks  during  a  three-day  bombardment. 
Of  course,  the  setup  also  required  six  Cisco 
security  gurus.  Avaya’s  no-frills,  out-of- 
the-box  setup  had  some  holes,  but  its 
more  hardened  security  configuration 
performed  much  better. 
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Cisco  aims  to  own 
used-gear  market 


■  BY  PHIL  HOCHMUTH 

Cisco  is  quietly  rallying  its  sales 
force  to  push  its  refurbished 
equipment  —  at  25%  to  30%  sav¬ 
ings  over  new  products  —  in 
order  to  keep  customers  from  de¬ 
fecting  to  gray-market  vendors  of 
Cisco  or  rival  products. 

Cisco  says  its  re-marketed  gear 
not  only  costs  less  but  is  easier  to 
license  and  support  because  the 
company  does  not  honor  war¬ 
ranties,  10S  software  licenses  or 
support  contracts  for  gear  pur- 


Microsoft 
scrambling 
to  secure 
Web  services 

■  BY  JOHN  FONTANA 

Microsoft  this  week  is  sched¬ 
uled  to  plug  a  major  gap  in  its 
perimeter  security  software  by  in¬ 
tegrating  a  partners  XML  filtering 
and  acceleration  technology  into 
its  firewall  and  caching  server. 
The  move  is  designed  to  let  cor¬ 
porate  users  secure  the  flow  of 
Web  services  traffic. 

At  its  1 1th  annual  Tech  Ed  con¬ 
ference  in  San  Diego,  Microsoft 
plans  to  showcase  XML  upgrades 
to  Internet  Security  and  Acceler¬ 
ation  (ISA)  Server  2004.  ISA  is  an 
See  Microsoft  page  14 


chased  from  second-hand  deal¬ 
ers  or  at  auctions. 

But  while  Cisco  is  peddling  its 
own  used  gear  more  aggressively, 
many  users  still  prefer  the  50%  to 
75%  markdowns  offered  by  sec¬ 
ond-hand  dealers  outside  of 
Cisco’s  authorized  channels.  At 
those  prices,  some  say,  it’s  worth 
jumping  over  the  hurdles  Cisco 


puts  up  for  used-gear  licensing 
and  support. 

Cisco  last  month  touted  its 
Authorized  Remarketing  Program 
as  a  way  for  its  resellers  to 
counter  gray-marketers  and  other 
vendors  offering  low-ball  deals. 
Although  Cisco  started  its  refur¬ 
bishment  program  in  2000,  it  was 
See  Cisco,  page  18 


H  A  Wider  Net 

Pneumatic  nets  haven’t 
gone  down  the  tubes 

Why  is  that?  Try  delivering  bottles  of  pills  over 
Ethernet,  explains  one  hospital  exec. 


■  BY  STEPHEN  LAWSON 


User  authentication, 
security  and  traffic  pri¬ 
oritization  are  hot  top¬ 
ics  for  Ken  Moeller,  as  they 
are  for  so  many  in  the  net¬ 
work  business.  Then  there’s 
the  felt  that  keeps 


wearing  out. 

The  felt  is  on  the  outside  of 
cylindrical  carriers  —  usually 
plastic  and  6  inches  in  diam¬ 
eter  —  that  zip  through  net¬ 
works  of  tubes  in  and  even 
See  Pneumatic,  page  20 


New  York's  postal  tube 
network  operated 
from  the  late 
1800s  into  the 
1950s. 
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2:21  pm  No  one  accosts  you  on  way 
to  laser  printer  asking  for  help  updating 
corporate  forms  for  Tokyo  office. 
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Introducing  the  new  Microsoft  Office  System. 

Now  users  can  do  more  for  themselves  so  you  can  focus 
on  the  important  things.  More  than  just  the  core  suite 
you're  familiar  with,  the  new  Microsoft*  Office  System  is 
an  integrated  system  of  easy-to-use,  expanded  programs, 
servers,  services,  and  solutions  that  help  end  users  be 
more  self-sufficient.  With  Microsoft  Office  InfoPath™  2003, 
customer  defined  XML  and  web  services,  and  Microsoft 
Office  SharePoint™  Portal  Server  2003,  users'  documents 
and  forms  can  be  automatically  updated  with  the  latest 
information.  So  now  everyone  knows  they  have  the  most 
current  version,  minimizing  rework  and  data  reentry. 

And  less  busywork  for  them  means  even  less  busywork 
for  you.  To  find  out  how  the  Microsoft  Office  System 
can  work  for  you,  go  to  microsoft.com/officelT 
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Microsoft 
Office  System 

More  than  what  it  used  to  be,  it's  now  a 
comprehensive,  customizable  system. 

Programs 

Servers 

Services 

Access  2003 

PowerPoint®  2003 

Project  Server  2003 

Live  Meeting 

Excel  2003 

Project  2003 

Live  Communications 

Office  Online 

Frontpage®  2003 
InfoPath™  2003 
OneNote™  2003 
Outlook®  2003 

Publisher  2003 

Visio®  2003 

Word  2003 

Server  2003 

Exchange 

Server  2003 

SharePoint™  Portal 
Server  2003 

Solutions 

Solution  Accelerators 

Enabling  Technologies: 

Windows  Server™  2003,  Windows®  SharePoint  Services, 
Rights  Management  Services 
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Purchase  a  subscription  to  the  Java  Enterprise  Developer  Promotion  and  get  a  free  Sun  Fire™  V 20z 
AMD  Opteron-based  server  today.2 


;T  THE  BLUEPRINT  IN  THE  BACKGROUND  DEMONSTRATES  THE  WORLD-CLA 
S  AND  ARCHITECTURE  OP  THE  SUN  JAVA  ENTERPRISE  SYSTEM.  TODAY,  50  i 
v' i  JAVA  ENTERPRISE  SYSTEM  TO  DELIVER  NETWORK  SERVICES  TO  OVER  11 
AND  MILLIONS  OF  THEIR  CUSTOMERS  WHILE  SLASHING  IT  COSTS. 

V>.  v  .• 


FIND  OUT  HOW  MUCH  YOU  CAN 

GET  AND  HOW  MUCH  YOU  CAN  SAVE  AT: 

SUN.COM/JES 
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microsystems 

The  Network  is  the  Computer 


■  1.  PRICING  IS  US  UST  PRICE.  ALL  PRICES  ARE  QUOTED  IN  U.S.  DOLLARS.  2.  OFFER  VALID  IN  THE  US.  AND  THROUGH  SUN  STORE  ONLY.  PROMOTION  VALID  THROUGH  JUNE  30,  2004,  FOR  A  LIMITED  TIME  ONLY,  GET  THE  JAVA  ENTERPRISE  DEVELOPER  PROMOTION. 
A  VALUE  OF  OVER  U.S.  $7000,  FOR  ONLY  U.S.  $1 499  PER  YEAR  FOR  A  3-YEAR  SUBSCRIPTION.  SEE  WEBSITE  FOR  DETAILS. 

%2004  SUN  MICROSYSTEMS.  INC  ALL  RIGHTS  RESERVED.  SUN,  SUN  MICROSYSTEMS.  THE  SUN  LOGO,  JAVA,  THE  JAVA  LOGO.  SUN  FIRE  AND  THE  NETWORK  IS  THE  COMPUTER  ARE  TRADEMARKS  OR  REGISTERED  TRADEMARKS  OF  SUN  MICROSYSTEMS,  INC  IN 
THE  UNITED  STATES  AND  OTHER  COUNTRIES. 


Sun  Java'  Enterprise  System. 

Everything  you  need  to  run  your  business.  Email,  instant  messaging,  calendar,  application  server, 
portals,  network  identity,  clustering,  web  server,  security,  enterprise  messaging,  interoperability,  web 
service  delivery,  directory,  firewalls,  streaming  video,  grid  computing  and  more  -  ail  for  a  single 
price  of  SlOO/employee/year,1  with  an  unlimited  right  to  use.  All-inclusive,  no  hidden  costs.  Software, 
service  and  support  included.  Our  bet  is  that  you  never  spend  too  much  on  IT  again. 
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10  Cometa’s  demise  called  isolated  event,  not  an  indictment  of  Wi-Fi. 


Features 


■  10  Retailers  offer  differing  views  of  immediate  RFID  potential. 

■  10  Contest  brings  out  entrepreneurial  spirit. 

■  12  WLAN  switch  execs  reconvene  for  dinner,  dishing. 

■  14  Microsoft  resets  direction  on  Commerce  Server. 

■  16  Life  after  Verizon  sees  BBN  returning  to  its  roots. 

■  18  Experts  disagree  on  seriousness  of  Cisco  108  code  theft. 

■  104  AT&T’s  wireless  deal  with  Sprint  raises  a  few  eyebrows. 


Infrastructure 

■  21  Blade  servers  get 
integrated. 


Net.Worker 

■  71  Personal  servers  poised  to 
simplify  remote  work. 


Breaking  through 

In  the  first-ever  public  test  of  VoIP  security,  we  invited 
Cisco  and  Avaya  to  set  up  secure  VoIP  networks  in 
Network  World  Lab  Alliance  partner  Miercom's  facility,  Then 
we  set  loose  our  four-person  attack  team  —  including 
Lab  Alliance  member  Rodney  Thayer  on  the  West  Coast. 

The  results:  Cisco's  network  was  impenetrable:  it  survived 
dozens  of  attacks  during  a  three-day  bombardment.  Of 
course,  it  also  required  six  Cisco  security  gurus.  Avaya’s 
no-frills,  out-of-the-box  setup  had  some  holes,  while 
Avaya's  more  hardened  security  configuration  performed 
much  better.  Page  83. 


■  21  PolyServe  to  cluster 
Windows  servers. 

■  22  New  hardware  brings  10G 
LANs  closer  to  reality. 

■  23  Virtual  tape  gets  a  boost. 

■  23  Dell  pumps  up  PDA  with 
Bluetooth  support. 

■  24  IBM,  Cisco  partner  on  IP 
services,  products. 

■  24  Kevin  Tolly:  Linux  creeps 
into  the  enterprise. 

Enterprise 

Applications 

■  27  Wells  Fargo  unifies  portal 
infrastructure. 

■  27  Start-up  adds  smarts  to  Web 
services. 

■  30  Sygate's  new  devices  batten 
down  net  endpoints. 

■  30  Core  Security  unwraps 
security-test  tool. 

■  32  Scott  Bradner:  UFOs 
and  flying  penguins. 

■  36  Special  Focus:  Citrix 
shifts  gears:  users  wary. 

Service  Providers 

■  39  IP  nets  measure  up,  Part  2: 
Performance  depends  on  what 
metric  we're  talking  about. 

■  39  Multiservice 
edge  vendors 
angle  for  position. 

■  41  Johna 
Till  Johnson: 

Voice  and  data: 

Three  big  myths. 


■  71  What’s  next  for  HomePlug, 

■  72  Toni  Kistner:  Digital 
home  visions  extend  beyond 
entertainment. 

Technology 

Update 

■  74 10GBase-CX4  lowers  10G 
Ethernet  cost. 

■  74  Steve  Blass:  Ask  Dr 

Internet. 

■  76  Mark  Gibbs:  RSS 

technology,  final  take. 

■  76  Keith  Shaw:  Tablets: 

Great  hardware,  OS  is  just  OK. 

Opinions 

■  78  On  technology:  Focus  on 
processes,  not  the  technology, 

■  79  Edward  Horrell: 

Wireless'  new  target:  The  enterprise. 

■  79  James  Kobielus:  Grid 
not  ready  for  prime  time. 

■  108  BackSpin:  Just  say  no 
(receipt). 

■  108  'Net  Buzz:  Pumped  up 
about  visit  to  Gasbuddy.com. 

■  99  Career  classifieds. 

Management 
Strategies 

■  91  Don't  blame  the  network: 
Testing  software  before  a 
rollout  helps  curtail 
finger-pointing  about  poor 
performance. 

Toshiba's  Portege 
M205  has  a  swivel 
„  .  screen.  Page  76. 
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Exclusive 

Inside  10G  Ethernet  testing 

Network  World  Lab  Alliance  member  David  Newman  discusses  the  ins  and 
outs  of  testing  10G  Ethernet  gear.  DocFinder:  2133 

Network  World  Mini  Showdown: 

Security:  Build  it  or  buy  it? 

Bruce  Schneier  of  Counterpane  Internet  Security  and  Nir  Zuk  of 
NetScreen  Technologies  debate  whether  it's  best  to  buy  components 
and  piece  together  best-of-breed  custom  defenses,  or  simply  procure 
security  as  a  service  and  leave  the  driving  to  the  experts? 

DocFinder  2052 

Network  World  Mini  Showdown: 

The  New  Data  Center 

Network  World's  John  Gallant  moderates  a  presidential-style  debate 
(complete  with  mud-slinging)  between  two  innovative  vendors  of 
equipment  for  the  new  data  center:  Redline  and  NetScaler.  Hear  them 
duke  it  out  over  which  vendor  has  the  best  offering  for  your  data 
center.  DocFinder  2053 

Seminars  and  Events 


Are  you  totally  secure  in  your  enterprise 
security  management? 

Are  you  managing  your  network  as  a  security  intelligence  asset?  Find 
out  how  and  get  the  answers  you  need  at  Enterprise  Security: 
Fail-Safe  Architecture,  a  new  Network  World  Technology  Tour  Event. 
Click,  qualify  and  attend  free. 

DocFinder  1856 
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Columnists 

Wireless  Wizards 

Is  802.11a  like  Betamax? 

The  Wizards  answer  the  question:  "Is  802,11a  the  Betamax 
vs.  VHS  of  wireless  networking?  Why  haven't  companies 
adopted  802.11a?" 

DocFinder  2134 

Nutter's  Help  Desk 

Learning  more  about  how  viruses  and  worms  work 
Help  Desk  Guru  Ron  Nutter  looks  at  free  resources  you  can 
use  to  better  protect  your  network. 

DocFinder  2135 

Small  Business  Tech 

Rethinking  e-mail  management 

Columnist  James  Gaskin  says  with  viruses  and  spam,  e-mail 

server  duty  costs  more  than  you  think. 

DocFinder  2136 

HomeLAN  Adventures 

Creating  a  hybrid  wireless  and  power-line  network 
Although  setup  took  too  long,  columnist  Keith  Shaw  says  that 
in  the  end,  the  technologies  played  well  together. 

DocFinder  2137 

Breaking  News 

Go  online  for  breaking  news  every  day.  DocFinder  6342 
Free  e-mail  newsletters 

Sign  up  for  any  of  more  than  40  newsletters  on  key  network  topes 

DocFinder:  6343 


What  is  DocFinder? 

We’ve  made  it  easy  to  access  articles  and 
resources  online.  Simply  enter  the  four-digit 
DocFinder  number  in  the  search  box  on  the 
home  page,  and  you’ll  jump  directly  to  the 
requested  information. 
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TheGoodTheBadlheUgly 


Knock  on  wood. 

We’re  a  little  worried  about 
getting  splinters,  but 
otherwise  it  seems  like 
Swedish  company  Swedx 
has  a  good  idea  for  spiffing 
up  the  office.  The 
company  makes  wooden 
keyboards,  mice  and 
computer  monitors,  and 
says  it  plans  to  show  them 
off  at  this  week’s  Cebit 
America.  > 


©  Interop  leftover. 

We’ve  all  heard  of  classic  IT  companies 
started  up  in  garages,  but  here's  a  new  one.  One 
panel  leader  earlier  this  month  at  NetWorld+Interop  accosted  a  panel 
member  to  ask  him  why  he  hadn’t  registered  for  the  show.  The  puzzled  speaker 
insisted  he  had,  only  to  realize  upon  looking  more  closely  at  his  badge  that  he'd 
accidentally  registered  for  the  neighboring  International  Garage  Door  Exposition. 

Cell  songs.  What's  worse  than  having  a  ringtone  version  of  “When  the  Saints 
Go  Marching  In"  interrupt  a  meeting,  movie  or  other  activity?  Try  having  to  hear 
a  nearby  cell  phone  user  doing  a  karaoke  version  of  OutKast's  "Hey  Ya."  We’re 
afraid  it's  true:  Engineers  at  Sharp  and  Toshiba  have  come  up  with  new  handsets 
that  can  double  as  portable  karaoke  machines.  Naturally  enough,  the  phones  will 
become  available  first  this  year  in  Japan. 


Teliabs  to  pay  $1.9  billion  for  AFC 

9  Teliabs  is  buying  Advanced  Fiber  Communications  for  $1.9  bil¬ 
lion,  bringing  high-speed  access  gear  to  Teliabs’  portfolio  and  a 
five-year  contract  to  provide  fiber  to  the  premises  gear  to  Verizon. 
The  deal,  expected  to  close  by  year-end,  will  result  in  a  company 
that  can  provide  access  and  transport  gear  to  major  carriers. 
Teliabs  historically  has  been  a  major  supplier  to  the  RBOCs  of  dig¬ 
ital  cross-connect  transport  switches  —  circuit  switching  gear. The 
acquisition  represents  another  step  in  the  reshaping  of  Teliabs  to 
supply  packet-based  gear  to  service  providers.That  transformation 
has  meant  massive  layoffs  and  aggressive  acquisitions  of  technol¬ 
ogy  that  let  the  company  branch  out  into  new  areas. 

Symantec,  Entrust  buying  anti-spam  companies 

■  Anti-spam  companies  were  popular  acquisitions  last  week,  as  Symantec  announced  it 
has  signed  an  agreement  to  purchase  anti-spam  gateway  software  vendor  Brightmail  for 
$370  million  and  Entrust  said  it  has  agreed  to  buy  Canadian  firm  AmikaNow.a  provider  of 
e-mail  content  scanning  and  anti-spam  tools,  for  an  undisclosed  price.  Symantec  four 
years  ago  took  an  11%  equity  stake  in  Brightmail,  which  has  integrated  Symantec’s  anti¬ 
virus  filtering  technology  Symantec  already  offers  an  enterprise  product  called  Symantec 
Mail  Security  for  SMTP  Gateway  that  includes  Symantec’s  anti-spam  technology 

ICANN  wins  a  round  in  battle  vs.  VeriSign 

■  A  federal  judge  has  dealt  a  setback  to  VeriSign  in  its  lawsuit  against  the  Internet 
Corporation  for  Assigned  Names  and  Numbers,  the  nonprofit  corporation  responsible 
for  managing  the  Internet’s  DNS.  Judge  A.  Howard  Matz  dismissed  VeriSign’s  claim  that 
ICANN  had  violated  anti-trust  law  by  stifling  the  introduction  of  new  VeriSign  services, 
but  the  judge  gave  the  Internet  domain  name  registrar  until  June  7  to  try  again  to  make 
its  anti-trust  argument.  VeriSign  filed  the  suit  against  ICANN  in  February  alleging  that 
ICANN  has  strayed  from  its  1998  charter  agreement  to  be  a  technical  coordination  body 
and  has  hampered  the  introduction  of  VeriSign  services  such  as  internationalized 
domain  names  and  a  wait-list  service  for  expired  domain  names.  The  ruling  covered 
only  the  first  of  seven  claims  VeriSign  made,  according  to  a  company  spokesman. The 
other  six  claims  allege  breach  of  contract,  covering  a  1998  agreement  between  VeriSign, 
ICANN  and  the  U.S.  Department  of  Commerce,  which  was  renewed  in  2000,  he  said. 

Group  forms  to  advance  enterprise  architecture 

fl  A  band  of  IT  executives  have  teamed  to  launch  an  alliance,  the  Enterprise  Architecture 
Interest  Group,  which  aims  to  help  companies  develop  and  share  tips  on  building  well- 
structured  IT  systems. The  fledgling  group  plans  to  release  next  month  its  first  creation,  a 
set  of  12  meta  models  intended  as  architectural  building  blocks.  It  also  has  working 
groups  studying  ways  to  measure  the  benefits  of  formalizing  an  enterprise  architecture, 

COMPENDIUM 

Honeypot  to  go 

The  Honeywal!  CDR0M  is  an  entire  open  source  system  on  a  disk  for  watching  hack¬ 
ers  try  to  get  into  a  system.  It  consists  of  a  “minimized"  version  of  Linux  along  with 
all  the  tools  you'd  need  to  quickly  start  tracking  the  miscreants. 

Download  it  at  www.nwfusion.com,  DocFinder:  2138. 


and  developing  value  models  for  use  by  EAIG  members  and  their  organizations.  Founding 
member  Richard  Taggart,  chief  architect  at  General  Motors,  said  EAIG’s  goal  is  to  create 
standards,  methods  and  practices  for  enterprise  architecture.  For  now,  the  group  is  exclud¬ 
ing  vendors,  preferring  to  stay  vendor-neutral  and  base  its  work  on  users’  input. 

Lawmaker  urges  CAN-SPAM  enforcement 

B  The  chairman  of  a  U.S.  Senate  committee  called  for  more  federal  enforcement  of  a 
new  anti-spam  law  amid  reports  last  week  that  the  amount  of  spam  sent  to  U.S.  con¬ 
sumers  might  be  rising,  not  dropping, since  the  law  went  into  effect  in  January. Sen.  John 
McCain  (R-Ariz.)  questioned  why  the  Federal  Trade  Commission  hasn’t  focused  on  the 
companies  using  spammers  to  advertise  their  products  while  that  agency  attempts  to 
enforce  the  Controlling  the  Assault  of  Non-Solicited  Pornography  and  Marketing  Act.The 
FTC  and  federal  law  enforcement  officials  brought  CAN-SPAM  and  other  charges 
against  two  alleged  spamming  companies  in  late  April,  but  McCain  urged  the  FTC  and 
the  FBI  to  step  up  their  enforcement  efforts  against  spammers,  including  child  pornog¬ 
raphy  spammers.  Representatives  of  spam-filtering  service  Fostini  and  the  Consumers 
Union  told  the  committee  that  the  amount  of  unsolicited  commercial  e-mail  continues 
to  rise  after  CAN-SPAM  became  law.  Postini,  which  processes  about  1.3  billion  e-mails 
per  week,  has  seen  the  percentage  of  spam  in  that  e-mail  processed  increase  from  78% 
to  83%  since  CAN-SPAM  went  into  effect. 

Bill  would  offer  tax  credit  for  tech  training 

B  The  Computing  Technology  Industry  Association  cheered  the  introduction  of  legisla¬ 
tion  in  the  U.S.  House  of  Representatives  last  week  that  would  let  many  taxpayers,  includ¬ 
ing  employers  and  laid-off  workers,  receive  a  tax  credit  of  up  to  $4,000  per  year  for  tech¬ 
nology  training. The  Technology  Retraining  And  Investment  Now  Act  of  2004,  known  as 
the  TRAIN  Act,  would  allow  the  tax  credit  on  qualified  expenses  used  for  technology- 
related  training.  Workers  could  get  50%  of  their  training  costs  reimbursed  each  year,  get¬ 
ting  up  to  $4,000  back.  In  some  economically  poor  areas, workers  could  get  up  to  $5,000 
of  training  costs  given  back  in  the  tax  credit.The  credit  could  be  used  by  employed  and 
unemployed  workers,  and  employers. 


AT&T  and  AT&T  Wireless: 

Two  companies  to  contend  with. 
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Sprint: 

One  company 
to  count  on. 
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Your  business  will  enjoy  integrated  wireline  and  wireless  service 
from  the  same  company  -  Sprint. 

By  dealing  with  one  company  when  doing  business  with  Sprint, 
you'll  benefit  from: 

•  End-to-end  accountability 

•Wireless  and  wireline  integrated  and  managed  as  one  seamless  network 

•  Smoother  migration  and  fewer  headaches 

Get  the  facts  at  sprint.com/facts  or  call 
866-700-0029  for  a  Business  Representative. 
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Oometa  succumbs,  Wi-Fi  carries  on 


■  BY  DENISE  PAPPALARDO 

Big-name  backers,  bravado  and 
media  fanfare  might  get  a  start-up 
momentum  when  launching,  but 
they  weren’t  enough  to  keep  Wi-Fi 
service  provider  Cometa  Net¬ 
works  afloat. 

Last  week  Cometa  announced 
its  demise  only  17  months  after 
debuting  amid  much  hoopla. 

Industry  watchers  say  the  fail¬ 
ure  says  a  lot  about  Cometa,  but 
not  necessarily  much  about  the 
future  of  Wi-Fi. 

“This  is  more  of  an  isolated 
event,”  says  Amy  Cravens,  a  senior 
analyst  at  In-Stat/MDR.  “Cometa 
came  out  of  the  chute  with  big 
plans . . .  but  it  wasn’t  the  right  time 
or  the  right  place.” 

Backed  by  AT&T,  IBM  and  Intel, 
Cometa  boasted  that  it  would 
change  the  face  of  the  public  Wi¬ 
Fi  service  market  with  its  whole¬ 
sale  approach.  The  company 
promised  to  build  20,000  access 
points  in  two  years,  but  managed 
only  about  200. 

In  December  2002,  investors 
scoffed  at  the  possibility  that 
Cometa  was  trying  to  do  too 
much.  “Apax  [Partners]  and  3i 
[Cometa’s  two  investors]  have 


Coming  up  short 

Cometa  initially 
promised  20,000  hot 
spots  in  50  markets 
but  delivered  only 
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hot  spots  in  a  dozen 
areas  before  closing 
shop. 
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very  substantial  [financial]  capa¬ 
bilities,”  said  Ted  Schell  of  Apax. 
“We  don’t  see  any  problems 
around  [Cometa]  having  enough 
capital  to  carry  this  out.” 

The  company  was  funded  with 
about  $5  million  to  $6  million, 
according  to  reports, and  that  was 
enough  to  get  it  off  the  ground. 

“They  wanted  to  get  big  carriers 
and  get  them  to  commit  big  dol¬ 
lars  for  a  network  they  were  going 
to  build,”  says  Dave  Hagen,  presi¬ 
dent  and  COO  of  Boingo  Wir¬ 
eless,  a  public  access  Wi-Fi  net¬ 
work  aggregator.  That  means  that 
Cometa  wanted  the  service  pro¬ 
viders  to  pay  for  its  network  build¬ 
out,  and  that  wasn’t  attractive  to 


Contest  brings  out 
entrepreneurial  spirit 

■  BY  NETWORK  WORLD  STAFF 


Some  propose  a  better  way  to  build  wireless  networks.  Others  are 
focused  on  improving  networks  for  vertical  markets,  such  as  health¬ 
care.  Still  others  think  they  can  help  companies  migrate  from  legacy 
to  IP  networks  more  easily 

Entrepreneurs  zeroing  in  on  issues  such  as  these  were  among  the 
nearly  60  people  who  have  entered  Network  World's" Who  Wants  to 
be  an  Entrepreneur?”  contest.  Entrants’  job  descriptions  range  from 
network  managers  at  large  and  small  companies  to  those  in  consult¬ 
ing  or  at  vendors. 

The  winner,  to  be  announced  in  Network  World  on  June  28,  will 
receive  $30,000  in  cash  and  services. 

Entries,  many  of  which  flooded  in  on  the  contest  deadline  day  of 
May  17,  are  now  in  the  process  of  being  vetted  by  a  judging  panel  of 
Network  World  editors,  venture  capitalists  and  others. 

The  contest,  developed  by  Network  World  in  conjunction  with 
Commonwealth  Capital,  a  venture  capital  firm  in  Wellesley,  Mass.,  is 
sponsored  by  public  relations  firm  fama  PR  of  Cambridge,  Mass., ser¬ 
vice  provider  Qwest  Communications  of  Denver  and  the  law  firm  of 
Testa,  Hurwitz  &  Thibeault  of  Boston.  ■ 


CONTEST  SPONSORS 


Testa,  Hurwitz  &  Thtbeault,  up 


fama 

PR 


Qwest 


many  he  says. 

If  the  carriers  weren’t  willing  to 
kick  in  more,  neither  were  Apax 
nor  3i,  both  of  which  also  sat  on 
Cometa’s  board  of  directors. 
Cometa  CEO  Gary  Weis  and  Intel 
held  the  other  two  board  seats. 
The  board  ultimately  decided  to 
shutter  the  company  after  in¬ 
vestors  came  to  the  conclusion 
that  their  estimated  ROI  wasn’t 
going  to  be  enough,  says  Kent 
Hellebust,  vice  president  of  mar¬ 
keting  at  Cometa. 

There  were  signs  six  months 
ago  that  Cometa  was  not  going  to 
meet  its  deployment  goals, 
Cravens  says.  “And  then  Wayport 
won  the  McDonald’s  hot-spot 


contract,  which  was  supposed  to 
be  Cometa’s,”  she  says. 

Although  the  company  had 
trouble  executing  as  a  successful 
business,  AT&T,  Sprint  and  iPass 
all  used  Cometa  hot  spots  to  sup¬ 
port  wireless  LAN  services.  None 
seem  publicly  concerned  that 
Cometa  is  going  away 

“The  impact  on  customers  will 
be  minimal,”  an  AT&T  spokesman 
says.“We  expect  a  high  number  of 
Cometa  [hot  spots]  to  be  served 
by  other  Wi-Fi  providers.” 

Cometa  says  it  is  working  with 
all  its  customers  to  determine  the 
best  course  of  action  in  spinning 
down  the  business.  Hellebust  says 
“it’s  up  to  each  venue”  to  deter¬ 


mine  what  will  happen  with  each 
hot  spot.  Although  Cometa  owns 
the  hot-spot  gear,  the  company 
says  its  customers  will  have  the 
ultimate  say  in  what  happens  to 
this  gear. 

Sprint  says  Cometa’s  demise  will 
have  no  effect  on  its  plan  to  have 
10,000  hot  spots  deployed  by  year- 
end.  Sprint  says  it  now  has  2,300 
hot  spots.  And  of  iPass’  9,750  hot 
spots,  the  service  provider  says 
Cometa  only  serves  97  of  them, 
with  the  largest  concentration  in 
Seattle.  A  company  spokesman 
says  iPass  has  roaming  agree¬ 
ments  with  seven  other  Wi-Fi 
providers  in  Seattle  and  doesn’t 
anticipate  coverage  problems.  ■ 


RFID  expectations  vary 


IT  priorities 


Retailers  are  investing  in  store  communications  tech¬ 
nologies  and  supply-chain  enhancements,  according 
to  Gartner. 


Wireless  in-store  access 

9%  13% 


20% 


IP  telephony 

16% 

18% 

9%  14% 

Store-level  forecasting  and  replenishment 

11% 


17% 


RFID 

9% 

5% 

|  26% 

2% 


I  Updated  technology 
within  the  last  three 
years 


j  Started  but 
not  finished 


Will  upgrade 
'  this  year 


Will  upgrade 
within  two 
years 


■  BY  ANN  BEDNARZ 

CHICAGO  —  Retailers  expres¬ 
sed  divergent  views  of  the  rev¬ 
enue-generating  potential  of 
radio  frequency  identification 
technology  at  last  week’s  Retail 
Systems  conference.  Executives 
from  Wal-Mart,  Marks  &  Spencer 
and  Target  said  it’s  possible  to 
make  a  business  case  for  using 
RFID  in  the  supply  chain  today, 
while  others  expressed  less  opti¬ 
mistic  assessments  of  payback 
potential  given  the  technology’s 
current  level  of  maturity 

“One  of  the  greatest  benefits 
will  be  increased  sales,”  said 
Michael  Duke,  an  executive  vice 
president  at  Wal-Mart,  in  his  key¬ 
note  address  at  Retail  Systems. 
The  Bentonville,  Ark.,  retail  giant 
is  about  four  weeks  into  its  first 
live  RFID  pilot,  which  covers  21 
products  from  eight  suppliers 
passing  through  Wal-Mart’s  San¬ 
ger, Texas,  distribution  center  and 
into  seven  of  its  retail  stores. 

An  RFID-enabled  supply  chain 
will  help  companies  be  more 
productive,  better  manage  ex¬ 
penses  and  improve  inventory 
turns,  but  the  technology’s  poten¬ 
tial  to  reduce  out-of-stock  items 
and  feed  sales  is  most  com¬ 
pelling,  Duke  said. 

Minneapolis-based  Target  also 
championed  RFID’s  potential  to 
improve  merchandise  availability. 

“It’s  still  alarming  the  amount  of 
times  we’re  out  of  stock,” said  Paul 
Singer,  CIO  at  Target,  which  in 
February  announced  plans  to 
require  its  top  suppliers  to  begin 
shipping  RFID-tagged  pallets  and 


cases  next  year.  Industry  experts 
estimate  retail  out-of-stock  condi¬ 
tions  hover  between  5%  and  10%, 
and  cost  retailers  billions  of  dol¬ 
lars  in  lost  sales  each  year. 

Singer  sat  beside  Linda  Dill- 
man,  his  CIO  counterpart  at  Tar¬ 
get’s  arch-competitor  Wal-Mart,  in 
an  RFID  roundtable  at  the  Retail 
Systems  show  and  quipped 
about  the  two  holding  hands  as  a 
sign  of  solidarity  in  promoting 
global  RFID  standards.  “If  we 
don’t  do  this  in  one,  standards- 
based  way,  the  chances  of  this 
being  successful  go  way  down," 
Singer  said. 

At  a  retail  RFID  symposium 


held  in  conjunction  with  the 
show,  Marks  &  Spencer  outlined 
its  use  of  RFID  in  its  food  opera¬ 
tions.  The  UK.  retailer  has  tagged 
3.5  million  trays  used  for  trans¬ 
porting  perishable  items  among 
suppliers  and  stores,  said  James 
Stafford,  head  of  RFID  at  Marks  & 
Spencer.  The  rationale  for  using 
RFID  tags  as  opposed  to  tradi¬ 
tional  bar  codes  —  which  must 
be  visible  to  scanners  and  read 
individually  —  is  simple,  Stafford 
said.  Marks  &  Spencer  can  read 
RFID  tags  faster,  which  saves  time 
and  money 

Stafford  acknowledged  the 

See  Retail,  page  20 
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WIIN  switch  execs  come  to  dinner 

Start-up  chiefs  chat  up  technology  concerns  and  marketplace  battles. 


Airespace  CEO  Brett  Galloway,  top  left,  Trapeze  CEO  Jim  Vogt,  AirFlow  CEO 
Bob  Machlin,  right,  and  Aruba  CEO  Don  LeBeau,  seated,  attended  Network 
World's  second  WLAN  switch  start-up  dinner  in  Las  Vegas. 


■  BY  NEAL  WEINBERG 

LAS  VEGAS  —  At  last  year’s 
Network  World  dinner  with  top 
executives  from  some  of  the 
leading  wireless  LAN  switch 
start-ups,  the  talk  focused  on 
access  points,  chipsets  and  radio 
frequency  beams.  This  year,  the 
conversation  centered  on  part¬ 
nerships,  the  channel,  horizontal 
markets  and,  of  course,  an  800- 
pound  gorilla  called  Cisco. 

Yes,  the  WLAN  switch  market 
has  grown  up  over  the  past  year. 
From  the  vendors’  perspective, 
technology  concerns,  such  as 
standards  and  security,  have 
been  largely  addressed.  Products 
are  shipping.  Now  the  task  is 
building  a  sales  infrastructure 

C  \ 

What  has  been 
your  biggest 
surprise  over  the 
past  year? 

Airespace’s  Galloway: 

“Once  customers  have  a 
wireless  infrastructure,  the 
infrastructure  sucks 
applications  into  it." 

Aruba’s  LeBeau:  “How 
rapidly  it’s  become  horizontal. 
The  other  surprise  is  how  few 
people  we  talk  about  ROI 
with.The  demand  is  so  high." 

AirFlow’s  Machlin:  "On  the 

application  side  it’s  voice  —  I 
don't  think  our  conversation 
last  year  even  mentioned  the 
word  ‘voice.’" 

V _ 

that  can  win  business  in  this 
highly  competitive  market. 

Toward  that  end,  two  of  the  ven¬ 
dors  from  last  year’s  Net- 
World+lnterop  dinner  —  Aruba 
Wireless  Networks  and  Trapeze 
Networks  —  recently  brought  on 
sales-sawy  industry  veterans  as 
CEOs.  The  new  faces  in  our  pri¬ 
vate  dining  room  at  Canaletto’s 
in  the  Venetian  Hotel  were 
Aruba’s  Don  LeBeau  (formerly  of 
Data  General,  IBM  and  Cisco) 
and  Trapeze’s  Jim  Vogt  (formerly 
of  Bay  Networks,  Nortel  and 
Ingrian). 

Airespace  CEO  Brett  Galloway 
returned  for  a  second  year, as  did 
AirFlow  Networks  CEO  Bob 
Machlin.  But  AirFlow  recently 
dropped  out  of  the  WLAN  switch 
derby  and  is  now  a  component 


vendor,  selling  its  VoIP-centric 
“switch  on  a  chip"  technology  to 
other  systems  vendors.“In  the  last 
year  a  lot  of  things  were  sorted 
out,”  Machlin  said.  “One  of  the 
things  we  discovered  was  that 
our  value-add  was  really  embed¬ 
ded  in  core  technology’ 

In  a  second-floor  room  over¬ 
looking  a  Vegas  version  of  Ven¬ 
ice’s  St.  Mark’s  Square,  the  vendors 
were  upbeat  about  the  way  the 
market  is  responding  to  their 
products  and  passionate  about 
the  idea  that  WLANs  will  revolu¬ 
tionize  corporate  networks.  And 
despite  the  fact  that  they  com¬ 
pete  for  customers,  they  never 
sniped  at  each  other  —  they 
saved  that  for  Cisco. 

After  ordering  wine  and  chat¬ 
ting  for  a  bit,  we  closed  the  win¬ 
dows  to  muffle  the  singing  of  the 
gondoliers  and  got  down  to  busi¬ 
ness.  Here  are  highlights  of  the 
wide-ranging  conversation. 

None  of  the  privately  held  com¬ 
panies  would  talk  about  revenue 
numbers,  but  they  all  maintained 
that  the  market  has  grown  signif- 
icantly.“A  lot  of  people  were  eval¬ 
uating  technology  last  year,  and 
this  year  they’re  actually  buying,” 
Vogt  said. “The  pace  is  definitely 
picking  up  in  terms  of  compa¬ 
nies  spending  real  money’ 

Galloway  identified  two  major 
trends  that  occurred  over  the 
past  year.  First,  customers  began 
moving  from  pilot  projects  to 
enterprise-wide  deployments; 
and  second,  the  market  moved 
from  narrow  verticals  such  as 
education,  medical  and  retail,  to 
a  broad  horizontal  market. 

He  said  the  vertical  markets 
were  a  good  proving  ground  for 
wireless  technology.  The  ven¬ 
dors  identified  and  addressed 
weaknesses  such  as  scalability 
and  management  feature.Today, 
technology  is  less  of  a  focus  for 
these  CEOs. 

LeBeau  said  his  top  priorities 
are  building  “a  distribution 
model  that  is  an  extension  of  our 
service  and  support  model”  and 
putting  together  a  business  infra¬ 
structure  that  can  scale. 

Vogt  said  partnerships  are  at 
the  top  of  his  list. 

Speculation  has  been  rampant 
that  Cisco  and  other  wired 
switch  vendors  would  gobble  up 
some  of  these  start-ups.  They  all 
refused  to  bite,  however,  when 
asked  if  Cisco  had  approached 
them. They  did  point  out  that  the 


universe  of  possible  suitors  goes 
far  beyond  the  usual  suspects. 

“There’s  a  tremendous  oppor¬ 
tunity  for  partnerships  and  not 
just  with  data  and  voice  infra¬ 
structure  vendors, ’’Vogt  said.“The 
endpoint  is  personalized  ser¬ 
vices,  being  able  to  deploy  ser¬ 
vices  to  a  person  vs.  assigning 
network  attributes  to  a  port.  It’s 
much  more  intense  when  you 
have  mobility  mixed  into  the 
equation,  where  you  identify  a 
user  and  assign  a  policy  and  ser¬ 
vices,  and  those  policies  and  ser¬ 
vices  travel  with  users  as  they  tra¬ 
verse  the  network.  If  you  view  it 
that  way,  it’s  not  about  wireless, 
it’s  about  mobility,  and  there  are 
huge  opportunities  on  multiple 
levels  in  terms  of  partnerships.” 

As  the  dinner  progressed  from 
insalata  to  pasta,  the  conversa¬ 
tion  inevitably  turned  to  the 
meat  of  the  issue:  Cisco.  All  of  the 
vendors  acknowledged  that 
Cisco  is  the  market  leader,  with 
somewhere  about  a  60%  share. 
But  they  maintained  that  when  it 
comes  to  wireless,  Cisco  just 
doesn’t  get  it. 

The  CEOs  scoffed  at  Cisco’s 
most  recent  announcement,  an 
$18,000  WLAN  Services  Module 
that  fits  into  the  Catalyst  6500 
switch.  The  announcement  is 
part  of  Cisco’s  Structured  Wire 
less  Aware  Network  (SWAN) 
architecture,  which  is  based  on 
the  idea  that  customers  should 
add  wireless  features  to  their 
existing  wired  switch  network. 

“1  don’t  think  they  have  yet  fig¬ 
ured  out  what  problem  they  need 


to  solve,  despite  the  announce¬ 
ment  of  their  SWAN  architecture 
and  the  point  product  an¬ 
nounced  today’ Machlin  said. 

Vogt  added  that  for  the 
amount  of  money  a  Cisco  cus¬ 
tomer  would  pay  for  one  mod¬ 
ule,  his  customers  could  buy 
enough  access  points  and 
WLAN  switches  to  set  up  a 
whole  wireless  network. 

“The  major  difference  between 
the  incumbent  vendors  and  this 
group  is  that  we  fundamentally 
believe  802.11  requires  a  pur¬ 
pose-built  infrastructure  to  opti¬ 
mize  things  people  are  trying  to 
do,  as  opposed  to  just  trying  to 
say  it’s  a  feature  on  the  wired  net¬ 
work,”  LeBeau  said.  He  said  the 
incumbents  such  as  Cisco, 
Foundry  Networks  and  Extreme 
Networks  understandably  are 
trying  to  protect  their  flanks  from 
the  wireless  onslaught,  but  the 
momentum  is  on  the  side  of  the 
pure  play  wireless  vendors. 

So,  why  does  Cisco  still  domi¬ 
nate  the  market? 

LeBeau  put  it  this  way: 
“Customers  who  are  uninitiated 
make  the  decision  to  go  with  the 
incumbent  vendor  because  it’s 
safe  and  comfortable. The  reality 
is  that  the  customer  who  be¬ 
comes  initiated  soon  learns 
there’s  a  better  way  to  do  it  and 
that’s  the  target  market  for  us.” 

It’s  not  about  getting  customers 
to  replace  their  Cisco  gear,  Mach¬ 
lin  said,  because  customers  still 
will  be  Cisco  shops  and  a  good 
percentage  probably  still  will 
have  some  Cisco  access  points 


in  their  networks.  It’s  about  win¬ 
ning  over  customers  when  they 
move  from  pilot  to  full-blown 
deployment. 

That’s  where  the  start-ups,  with 
their  thin  access  points  and 
smart  switches,  think  they  have  a 
major  advantage  over  Cisco’s  fat 
access  point  model.  “It’s  decen¬ 
tralized  vs.  centralized,”  LeBeau 
said.  With  the  Cisco  model,  the 
logic  and  processing  power  is  at 
the  edge  of  the  network,  so  if  a 
customer  needs  to  make  a 
change  to  their  security  settings 
to  combat  a  new  threat,  the  cus¬ 
tomer  has  to  touch  every  access 
point.  “It’s  a  very  disruptive 
approach.  It’s  labor-intensive,  and 
it’s  very  insecure,”  he  said. 

Voice  technology  has  generat¬ 
ed  quite  a  bit  of  buzz  lately,  and 
the  vendors  agreed  that  there’s  a 
synergy  between  VoIP  and  WLAN 
technologies. “VoIP  over  wireless 
LAN  is  a  significant  driver  for 
VoIP  in  general,”  Galloway  said. 

As  the  waiter  brought  a  round 
of  espressos,  the  conversation 
turned  to  the  long-range  trend 
toward  mobility. 

“In  addition  to  economics  dri¬ 
ving  the  transition  from  wired  to 
wireless,  there’s  a  more  funda¬ 
mental  drive,  which  is  that  per¬ 
sonal  communications  wants  to 
be  untethered,”  Galloway  said. 
“You  see  this  in  the  transition 
from  wired  phones  to  cell 
phones,  in  the  home  from  wired 
phones  to  cordless  phones,  in 
the  rise  of  PDAs  and  laptops.” 

LeBeau  summed  it  up  this  way: 
“Wireless  will  be  the  primary 
connection.  And  you  can  eco¬ 
nomically  prove  that  to  be  the 
case.  Today  we  have  technology 
that  is  going  through  an  evalua¬ 
tion,  and  it  will  become  as  pre¬ 
dictable  and  reliable  as  the  blue 
cable.  It’s  inevitable  that  it  will. 
And  when  it  does,  the  econom¬ 
ics  will  drive  the  entire  edge  of 
networks  to  be  wireless.  When 
that  happens,  the  way  you  build 
networks  will  entirely  change.” 

As  we  left  the  restaurant,  the 
CEOs  expressed  confidence  that 
their  start-ups  would  be  around  a 
year  from  now  and  said  they 
looked  forward  to  another  dinner 
of  fine  food,  wine  and  conversa¬ 
tion.  Noting  that  it  took  each  of 
them  at  least  20  minutes  to  locate 
the  restaurant  amid  the  hotel’s 
maze-like  corridors  of  malls  and 
canals,  we  agreed  to  reconvene  at 
an  easier-to-find  location.* 


development  and  resource  management  services  on  Linux,  NetWare®  or  any  other  platform  you  may  be  running.  Also,  with  the  acquisitions  of  SUSE®  LINUX  and  Ximian®,  Novell®  can  now  integrate  an  end-to-end  open 
source  strategy  from  desktop  to  server,  throughout  your  enterprise.  We'll  train  and  certify  your  IT  staff  to  deploy  Linux-based  solutions.  And  we'll  provide  award-winning  technical  support,  customized  for  your  business, 
24/7/365  worldwide.  For  complete  flexibility  that  delivers  breakthrough  savings,  call  1-800-513-2600  or  visit  www.novell.com/linux  @we  speak  your  language. 
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Perimeter  security 

Microsoft  plans  to  unveil  Internet  Security  and 
Acceleration  Server  2004  next  week,  the  first  new  version 
of  the  firewall  and  caching  software  since  its  intro¬ 
duction  in  2001.  Here  is  a  look  at  the  pros  and  cons  of 
the  server,  set  for  general  availability  in  July. 


Microsoft 

continued  from  page  1 

application-layer  firewall,  VPN 
and  caching  server. 

The  platform  will  get  its  XML 
boost  from  Forum  XWall,  a  Web 
services  firewall  from  Forum 
Systems.  The  add-on  component 
is  integrated  into  the  ISA  Server 
Console. XWall  inspects  XML  mes¬ 
sages  to  authenticate  data,  vali¬ 
date  schema  and  check  for  mali¬ 
cious  content. 

Support  for  XML  in  ISA  Server 
2004  lets  corporations  secure 
XML-based  Web  services  applica¬ 
tions  and  will  contribute  to  the 
building  of  a  service-oriented 
architecture.  The  absence  of  an 
XML  firewall  had  drawn  criticism 
from  users  and  analysts.  With  ISA 
2000  (which  was  released  in 
2001), Microsoft  only  provides  an 
Internet  Server  API  (ISAP1)  filter 
for  validating  XML  messages. 

/53$V\  Windows 
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“This  has  been  one  shortcom¬ 
ing  of  the  product, "says  Peter  Paw- 
lak,  an  analyst  with  research  firm 
Directions  on  Microsoft.“Web  ser¬ 
vices  is  like  calling  a  function,  so 
you  have  to  look  at  the  messages 
through  careful  inspection.  You 
have  to  ensure  the  messages  are 
well-formed  XML,  that  they 
adhere  to  current  parameters  and 
do  not  have  any  malicious  code 
injected.” 

In  addition  to  packet  inspec¬ 
tion,  the  Forum  XWall  for  ISA 
Server  2004  is  expected  to  pro¬ 
vide  acceleration  of  XML  traffic, 
which  is  very  CPU-intensive  be¬ 
cause  each  message  must  be 
opened  and  parsed. 

XWall  for  ISA  Server  2004  pro¬ 
vides  data-level  authentication, 
schema  validation,  XML  intrusion 
prevention  and  support  for  the 
WS-I  Basic  Profile,  a  set  of  guide¬ 
lines  to  ensure  interoperability 
across  disparate  products. 

“The  2000  version  of  ISA  was  a 
red-headed  stepchild,  but  ISA 
2004  should  be  ready  for  prime 
time,”  says  Wes  Swenson,  CEO  of 
Forum,  which  competes  with 
DataPower,  Layer  7  Technologies, 
Reactivity,  Sarvega,  Vordel  and 


Pros 

VPN  filtering:  VPN  natively 
supported  through  VPN 
network  type. 


Westbridge  Technology.  Tradi¬ 
tional  firewall  vendors,  such  as 
Check  Fbint,  also  offer  XML  traffic 
inspection  capabilities. 

XML  support  is  just  one  addition 
to  ISA  Server  2004.  Celestix  Net¬ 
works  will  introduce  a  firewall, 
caching  and  VPN  appliance 
based  on  ISA  Server  2004.  Ava- 


Cons 

Lack  of  SIP  application  proxy: 

Needed  to  support  handling  of 
voice  and  video  using  Session 
Initiation  Protocol. 


No  IPv6  support:  Adds  support 
for  IPSecTunnel  Mode  but  left 
out  IPv6. 


Web  services  proxy  missing: 

Microsoft  plans  to  add  capability 
in  final  release  through  licensing 
deal  with  Forum  Systems. 


nade,  a  systems  integrator  formed 
by  a  joint  partnership  in  2000  be¬ 
tween  Accenture  and  Microsoft, 
will  introduce  VPN  Quarantine 
for  ISA  Server  2004,  which  assess¬ 
es  the  configuration  of  a  client 
system  before  it  can  connect  to 
the  network. 

Windows  Server  2003  and  ISA 


New  user  interface:  Replaces 
the  standard  Microsoft  Manage¬ 
ment  Console  plug-in  used  in 
ISA  Server  2000. 


Multi-network  capabilities: 

Replaces  single-network 
support  with  unlimited  multiple 
networks  and  types  (internal, 
external,  VPN,  DMZ). 


Microsoft  redirects  Commerce  Server 

Feature  Pack  1  is  first  steps  of  revived  plan  that  follows  the  demise  of  Jupiter. 


■  BY  JOHN  FONTANA 

In  the  ashes  of  its  disbanded 
Jupiter  project,  Microsoft  last 
week  revived  its  e-commerce 
server  with  the  introduction  of  a 
new  feature  pack  and  a  promise 
that  the  next  version  will  ship  in 
2006. 

With  Feature  Pack  1  for  Com- 


TTHIS  WEEK'S  QUESTION: 

WilTel,  the  carrier's 
carrier  that  has  begun 
selling  to  enterprise 
customers,  is  a  wholly 
owned  subsidiary  of 
what  company? 

Stumped?  Get  the  answer  online. 

Visit  Network  World  Fusion  and  enter 
2349  in  the  Search  box. 


merce  Server  2002,  Microsoft  has 
updated  the  interfaces  of  its  Bus¬ 
iness  Desk  client  software,  which 
let  product  and  marketing  man¬ 
agers  maintain  an  e-commerce 
site  with  little  IT  intervention. The 
company  has  added  a  more 
Windows-like,  tree-menu  naviga¬ 
tion,  and  reinforced  management 
of  catalog  content  and  product- 
discount  services  offered  online. 
Also  new  is  a  feature  that  allows 
for  multi-environment  staging 
across  firewalls  of  commerce  sites 
for  easy  review  before  those  sites 
go  live,  and  support  for  coupons 
and  online  promotion  codes. 

While  Feature  Pack  1  is  available 
now,  the  next  major  upgrade  of 
Commerce  Server,  code-named 
VNext,  won’t  ship  until  2006. 

“Given  the  changes  around 
Jupiter,  we  wanted  to  reaffirm  our 
commitment  to  Commerce 
Server,”  says  Stacey  Ellingson, 
product  manager  in  the  business 
process  and  integration  division 
at  Microsoft. 

Commerce  Server  provides 
tools  for  building  and  maintain¬ 
ing  online  commerce  sites,  in¬ 
cluding  user  profile  manage¬ 
ment,  personalization,  merchan¬ 
dising,  catalog  management, 


order  processing,  globalization 
and  online  business  analytics. 

Announced  in  2002,  Jupiter  was 
an  effort  to  integrate  BizTalk 
Server,  Commerce  Server  and 
Content  Management  Server  into 
a  suite.  It  was  to  compete  with 
Java-based  middleware  bundles 
from  BEA  Systems  and  IBM  for 
supporting  content-rich,  process- 
driven  business  applications.  Mi¬ 
crosoft  scrapped  Jupiter  earlier 
this  year  when  customers  said 
they  did  not  want  to  buy  the  prod¬ 
ucts  as  a  suite.  The  company  said 
it  still  would  build  integration 
between  the  individual  products. 

“With  IBM  pushing  on  Web¬ 
Sphere  and  BEA  with  its  com¬ 
merce  platform,  I  don’t  see  Micro¬ 
soft  getting  out  of  the  game,”  says 
Peter  Pawlak,  an  analyst  with  the 
research  firm  Directions  on 
Microsoft.“For  a  long  time  Jupiter 
was  the  road  map.  Now  they  have 
to  assure  customers  that  Com¬ 
merce  Server  is  not  dead.” 

That  effort  will  get  its  first  boost 
in  the  2006  version  when  Micro¬ 
soft  will  add  BizTalk  adapters  to 
Commerce  Server  that  make  it 
possible  to  connect  online  order- 
management  processes  to  back¬ 
end  systems. 


Microsoft  also  will  replace  the 
reporting  engine  in  Commerce 
Server  with  SQL  Server  Reporting 
Services,  which  can  pull  together 
commerce  data  from  multiple 
business  channels,  including 
Commerce  Server  and  point-of- 
sale  terminals.  The  same  report¬ 
ing  services  also  will  find  their 
way  into  other  server  products, 
such  as  Microsoft  Operations 
Manager  2005,  so  Microsoft  can 
provide  centralized  reporting 
capabilities,  experts  say 

Commerce  Server  also  will  be 
more  closely  integrated  with 
Visual  Studio  2005  to  allow  quick¬ 
er  development  and  deployment 
of  commerce  sites.  The  Visual 
Studio  integration  is  part  of  a 
long-range  plan  to  get  all  server 
applications  on  a  common  plat¬ 
form  that’s  based  on  .Net.  Micro¬ 
soft  also  will  provide  additional 
user  interface  upgrades  on  par 
with  those  in  Feature  Pack  1  and 
more  self-service  features  that 
would  let  online  users  check 
their  order  status,  inventory  levels 
and  account  information. 

Feature  Pack  1  for  Commerce 
Server  2002  is  available  as  a  free 
download  at  www.microsoft. 
com/commerceserver/. 


Server  2004  provide  rudimentary 
quarantine  technology  that  lacks 
assessment  capabilities,  accord¬ 
ing  to  Craig  Nelson,  systems  engi¬ 
neer  for  Avanade.  VPN  Quaran¬ 
tine  will  provide  those  capabili¬ 
ties  and  add  an  administrative 
interface  for  setting  rules  and 
policies. 

Microsoft  is  making  a  big  push 
to  upgrade  its  quarantine  tech¬ 
nology,  including  server  enhance¬ 
ments  in  Windows  2003  Service 
Pack  l.due  next  year, and  Update, 
which  is  due  next  year.  The  com¬ 
pany  also  is  working  with  anti¬ 
virus  vendors  such  as  Trend 
Micro. 

Security  will  be  a  main  theme 
at  Tech  Ed,  which  is  expected  to 
draw  11,000  IT  professionals. 
Also  on  the  docket  is  a  preview 
of  management  software,  includ¬ 
ing  System  Center  2005,  patching 
tools  such  as  Windows  Update 
Services,  and  other  forthcoming 
products  such  as  SQL  Server 
2005  and  Visual  Studio  2005. 
Microsoft  also  plans  to  release 
Service  Pack  1  for  Exchange 
Server  2003. 

But  Longhorn,  which  was  the 
main  area  of  focus  earlier  this 
month  at  the  Windows  Hardware 
Engineering  Conference, is  not  on 
the  docket. 

“TechEd  is  where  we  start  to 
make  things  real  and  people  can 
get  their  hands  on  the  technol¬ 
ogy?’  says  Harley  Sipner,  senior 
product  manager  for  the  Win¬ 
dows  Server  System  at  Microsoft. 

Meanwhile,  patch  vendors 
PatchLink,  Bindview  and  Con- 
figureSoft  are  expected  to  intro¬ 
duce  products. 

Integration  vendor  Vintela  will 
introduce  Authentication  Ser¬ 
vices,  which  'allow  authentica¬ 
tion  of  Unix  and  Linux  systems 
through  Active  Directory,  and 
Management  Extensions,  an  add¬ 
on  to  System  Management 
Server  2003  for  managing  Unix 
and  Linux  desktops  and  servers 
and  Macintosh  desktops.  WRQ 
plans  to  announce  the  new  ver¬ 
sion  of  its  host-access  software 
Reflection,  which  includes  new 
security,  management  and  cus¬ 
tomization  features. 

On  the  Exchange  front,  KVS 
will  show  its  Enterprise  Vault  5.0, 
for  archiving  and  managing  e- 
mail,  Microsoft  file  system  docu¬ 
ments,  instant  messages  and 
SharePoint  documents.  Sybari 
Software  will  unveil  Antigen  8.0 
for  Exchange,  Advanced  Spam 
Manager  and  the  Sybari  Enter¬ 
prise  Manager.  ■ 
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COMPANIES  THAT  PUT  VOICE  ON  THE 
NETWORK  CHOOSE  THE  COMPANY 
THAT  BUILT  THE  NETWORK. 

When  voice  joins  data  on  a  secure  network,  some  remarkable  things  can  happen.  Instead  of  managing  different  flavors  of  PBX  from  location  to  location,  you 
can  handle  everything  from  one  place,  saving  time  and  money — not  to  mention  mileage  on  IT  staff  shoes.  And  with  over  20  years  of  proven  networking 
experience,  Cisco  has  become  the  standard  for  millions  of  voice  IP  users  around  the  world.  It's  why  over  half  of  the  Global  500  have  chosen  Cisco  to  rethink 
the  way  they  handle  voice.  And  their  business.  Are  you  in  yet?  To  learn  how  Cisco  can  help  you  plan,  design  and  implement  an  end-to-end  IP  solution,  visit 

cisco.com/go/ipcnow.  NOW,  OVER  THREE  MILLION  PEOPLE  ARE  USING  CISCO  IP  PHONES. 


Cisco  Systems 


THIS  IS  THE  POWER  OF  THE  NETWORK.  flOW. 


£2004  Cisco  Systems,  Inc.  All  rights  reserved.  Cisco,  Cisco  Systems,  Cisco  IOS,  and  the  Cisco  Systems  logo  are  registered  trademarks 

or  trademarks  of  Cisco  Systems,  Inc.  and/or  its  affiliates  in  the  U.S.  and  certain  other  countries. 


i ices 


Progress 


® 


www.nwfusion.com 

m 

NetworkWorld 

5/24/04 1  Hews 

Life  after  Verizon  sees  BBN  returning  to  its  roots 


If  you  thought  Internet  and  e-mail  pioneer  BBN  had  disap¬ 
peared  some  years  ago,  you  wouldn 't  be  alone,  acknowl¬ 
edges  Tad  Elmer,  the  company’s  president  and  CEO.  Never 
a  huge  self-promoter,  the  consistently  profitable  research- 
and-development  outfit  went  into  big-time  quiet  mode 
when  it  became  part  of  Verizon  in  2000  by  way  of  a  merger 
involving  then-parent  GTE.  Newly  independent  after  being 
sold  off  earlier  this  year,  BBN  is  ready  to  break  its  silence. 
Elmer  recently  updated  Network  World  Executive  News 
Editor  Bob  Brown  on  the  56-year-old  company’s  plans. 


How  will  life  after  Verizon  be  different? 

Verizon  was  a  good  place  to  be. You  certainly  knew  your  paycheck  wasn’t 
going  to  bounce.  But  there  was  a  significant  difference  in  culture. They  are 
more  of  a  user  of  R&D  than  a  pusher  of  it.  So  one  big  plus  for  us  is  that  we  can 
be  true  to  our  nature  again. 

One  constraint  in  being  part  of  a  telecom  company  is  that  there  are  a  lot  of 
funny  rules  and  regulations,  including  that  the  RBOCs  are  not  allowed  to  own 
more  than  a  certain  percent  of  equipment  makers.  And  for  us  to  do  communi¬ 
cations  work,  our  best  chance  is  usually  to  license  technology  to  people  who 
make  equipment  to  help  them  differentiate  their  products  or  get  the  products 
to  do  something  they  wouldn’t  normally  do. Verizon  was  justifiably  very  conser¬ 
vative  about  how  they  approached  those  things.  So  we  should  have  more  flexi¬ 
bility  now  about  doing  deals.  It  also  makes  it  a  little  easier  if  we  want  to  go  talk 
to  the  other  RBOCs. 

How  much  did  Verizon  drive  your  R&D  direction? 

We  were  operating  not  entirely  independently  but  we  did  the  vast  majority  of 
our  work  for  external  clients.  But  we  did  some  work  for  Verizon  and  are  contin¬ 
uing  to  do  it.  We  spent  a  lot  of  time  trying  to  get  our  technology  to  help  them  in 
their  call  centers.  We  also  did  a  security  audit  for  them  and  looked  at  how  to 


minimize  crosstalk  on  DSL. 

BBN  is  known  largely  for  its  government  work.  Should  we  expect  to  see  you  doing  more  in 
the  commercial  market9 

We  hope  so  . .  .carefully  and  profitably  We  go  between  having  15%  and  20%  of 
our  work  from  commercial  customers,  and  we’re  hoping  to  expand  on  that, 
though  we  are  very  focused  on  keeping  existing  customers  happy  We’re  still 
doing  the  same  kind  of  innovative  work  we’ve  always  done,  though  I  can’t  guar¬ 
antee  any  of  the  things  we’re  working  on  now  will  change  the  world  like  e-mail 
and  packet  switching  have.  Check  back  in  20  years  and  we’ll  see.  [In  light  of 
being  sold  off  from  Verizon  to  BBN’s  management  team  and  investment  firms 
Accel  Partners  and  General  Catalyst  Partners] ,  the  possibility  of  us  spinning  out 
new  companies  is  on  the  table,  though  this  is  not  something  we’re  strongly 
emphasizing. 

How  would  you  describe  the  overall  state  of  basic  R&D? 

We  have  seen  interesting  work  in  some  areas,  like  speech  and  language  pro¬ 
cessing.  You  saw  this  trend  where  government  was  pushing  development  of  it. 
The  technology  got  better  to  a  certain  point  and  there  were  some  IPOs  and  a 
fair  amount  of  capital  put  into  it.Then  it  started  getting  a  little  bit  better  and 
then  it  stopped  getting  better,  and  the  reason  why  is  that  in  the  commercial 
world  you  have  to  make  a  profit  or  at  least  be  cash-flow  positive. 

It’s  hard  to  keep  pushing  research. The  start-ups  generally  don’t  push  research 
hard.  We  traditionally  had  huge  companies  like  AT&T  with  Bell  Labs  and  Xerox 
Parc  or  IBM  Watson  Research  Labs.These  were  big  places  that  were  given 
enough  funding  to  really  push  forward.  But  there’s  such  an  incredible  emphasis 
on  making  money  and  reducing  costs  now  that  it  seems  in  speech  and  net¬ 
working  and  other  places  you  don’t  see  zillions  of  dollars  on  basic  research.  If 
you  can  tweak  things  and  make  them  a  little  better  to  succeed  in  the  market 
and  get  a  result  quickly  then  that  tends  to  happen. 

More  of  the  onus  has  gone  back  to  the  federal  government  to  push  on 
research.  And  to  go  back  to  the  speech  and  language  processing,  we’ve  seen 

See  Elmer,  page  106 


You  Need  Belden's  New  DataTwist  600e  — 

The  Only  Network  Cable  That  Guarantees  Performance  Beyond  Category  6  Standards 


Suddenly,  as  quickly  as  Category  6  cable  performance  standards  have  been  adopted.  Belden 
has  made  them  obsolete.  DataTwist  600e  UTP  networking  cable  was  developed  not  only  to  meet 
Category  6  standards,  but  also  to  provide  significant  amounts  of  headroom  above  and  beyond 
them  —  guaranteed.  It’s  the  industry’s  on/yUTP  cable  with  guaranteed  performance  to  600  MHz. 

The  secret?  Belden's  unique,  patented  Bonded-Pair  technology  that  ensures  uniform  conductor- 
to-conductor  spacing  to  eliminate  performance-robbing  gaps  between  pairs. ..coupled  with 
the  patented  e-Spline  design  that  provides  consistent  pair-ts  pair  spacing 
by  placing  pairs  in  individual  chambers. 

The  result: 

•  8  dB  of  Power  Sum  NEXT  headroom  over  Category  6  —  guaranteed. 

•  Nearly  5  dB  of  return  loss  improvement  over  Category  6 
at  100  MHz  —  guaranteed. 

•  An  attenuation  margin  over  Category  6  standards  —  guaranteed 

•  Positive  Power  Sum  ACR  to  460  MHz  —  guaranteed. 


DuPont  is  the  sole 
supplier  ot  FEP  Tellon 
insulation  material  used 
in  the  plenum  product 


All  of  which  means  better  and  faster  performance  for  you 
For  more  information  call  1-800- BELDEN -4  to  get  your 
FREE  copy  of  the  DataTwist  600e  New  Product  Bulletin. 

www.belden.com/networking 
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Performance  Delivers  The  Future 
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IT  MIGHT  BE  EASIER  TO  TELL  YOU  WHERE  OUR  IP  NETWORK  DOESN’T  GO. 


At  Global  Crossing,  we  built  an  IP  network  that  provides  service  to  more  than  500  commercial  centers  in  50  countries  on 
5  continents.  Not  surprising  from  a  company  that  first  offered  VoIP  technology  to  enterprises  and  wholesale  carriers  four  years 
ago.  Today  our  network  carries  more  than  2  billion  VoIP  minutes  per  month.  And  our  groundbreaking  iVideoconferencing" 
technology  promises  to  become  the  standard  in  how  companies  communicate.  When  it  comes  to  how  we  communicate, 
it's  always  with  a  single  contact  point  for  customers.  We  believe  there's  no  better  way  to  make  sure  they  remain  satisfied 
customers.  To  look  into  becoming  one  yourself,  visit  us  at  globalcrossing.com. 


One  planet.  One  network:"  Infinite  possibilities. 


Global  Crossing* 
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Deals  to  be  had 


Cisco  is  competing  with  its  own  used  gear  in  the 
refurbished  router  and  switch  market.  NHR,  a  used 
Cisco  reseller,  beats  Cisco  on  prices  of  products  that 
have  been  on  the  market  for  more  than  two  years  (Cisco 
tops  NHR  on  the  3700  router  because  it  is  a  newer 
product).  Here  is  a  sample  of  new  and  used  equipment 
from  Cisco  and  NHR: 


Product 


Catalyst  6509  switch  chassis* 


Catalyst  2984G  switch 
3700  four-slot  router 


32M  bit  memory  for  2600  routers 


Cisco 

list 

price 


$9,500 


$6,000 


$12,000 


$950 


Cisco 

Authorized 

Remarketing 


$6,462 


$4,190 


$6,615 


$662 


NHR 


$4,500 


$1,900 


$7,900 


$125 


*New  product  without  power  supply/used  includes  power  supply. 

SOURCES:  CISCO  S  DISTRIBUTION  PRODUCT  REFERENCE  GUIDE  WEB  SITE,  CISCO  AUTHORIZED  RE¬ 
MARKETING  PROGRAMWEB  SITE.  NHR. 
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not  intended  to  be  an  alterna¬ 
tive  to  the  used  market  or  a  tool 
for  competing  with  lower-cost 
vendors,  according  to  Cisco. 
While  the  company  does  not 
break  out  sales  through  its 
Authorized  Remarketing  Pro¬ 
gram,  a  Cisco  spokesman  says 
the  program  has  experienced 
year-over-year  growth. 

Economic  conditions  are  forc¬ 
ing  Cisco  customers  to  look  to  the 
used  Cisco  market  and  seek 
lower-cost  alternatives,  said  Doug 
Karmin,  manager  of  business 
development  and  global  re-mar- 
keting  at  Cisco,  in  a  recent  tele¬ 
conference  with  channel  part¬ 
ners.  Another  rising  challenge  for 
Cisco  is  third-party  resellers  ag¬ 
gressively  calling  Cisco’s  existing 
customers  to  offer  inexpensive 
refurbished  products. 

“We’re  starting  to  see  a  lot  of 
competition  from  different  cate¬ 
gories,”  Karmin  said.  In  addition 
to  used  equipment  makers,  there 
are  vendors  such  as  Dell  and 


Huawei  Technologies  “coming  at 
[Cisco]  less  on  functionality  and 
more  on  price.” 

Karmin  mentioned  an  unnam¬ 
ed  federal  government  agency 
that  balked  at  Cisco’s  pricing  for 
new  Catalyst  6509  switches  on  a 
large  RFP  and  looked  into 
Foundry  Networks,  which  offered 
deep  discounts.  “When  we  came 
back  with  [refurbished]  Catalyst 
6000s,  we  got  the  deal,”  worth 
more  than  $1  million,  he  said. 

He  also  said  companies  that 
buy  used  Cisco  gear  from  autho¬ 
rized  channels  have  an  easier 
time  getting  software  licensing 
and  support  because  they  are 
included  with  the  sale  of  a  Cisco 
Authorized  Refurbished  Equip¬ 
ment  product. 

“If  I  go  out  and  buy  a  box  off  of 
eBay  not  only  am  1  ineligible  for  a 
Cisco  warranty,  I  have  to  buy  a 
software  license  and  pay  for  a 
Cisco  inspection  to  make  sure 
the  box  is  in  working  order,” 
before  support  can  be  pur¬ 
chased,  Karmin  said. 

Cisco  wouldn’t  disclose  costs  for 
performing  the  inspections. 


As  for  firms  that  are  in  the  busi¬ 
ness  of  reselling  used  gear,  he 
added,  “there  aren’t  two  or  three 
800-pound  gorillas  in  this  market. 
It’s  a  lot  of  little  guys.” 

Searching  on  Google  for  “used 
Cisco  routers”brings  up  hundreds 
of  options.  Among  the  leaders  in 
the  sub-industry  is  Network 


Hardware  Resellers  (NHR), which 
buys  network  equipment  from 
companies,  carriers  and  leasing 
firms,  then  reconditions  it  for  re¬ 
sale  to  corporate  customers  and 
carriers.  NHR  offers  90-day  war¬ 
ranties  on  its  refurbished  units,  as 
well  as  licensing  for  IOS  software. 
Users  also  can  buy  Cisco’s  Smart- 
Net  support  contracts  through 
NHR.  The  4-year-old  firm,  which 
says  it  had  $50  million  in  revenue 
last  year,  specializes  in  enterprise 
products, selling  95%  of  its  gear  to 
businesses. 

Chuck  Sheldon,  NHR  founder 
and  president,  says  his  company’s 
relationship  with  Cisco  is  “touchy 

“Cisco  is  doing  anything  they 
can  to  put  roadblocks  in  front  of 
customers  who  are  considering 
buying  equipment  from  vendors 
like  us,”  he  says,  regarding  Cisco’s 
requirement  that  used  gear  be  re¬ 
licensed  and  inspected  by  Cisco 
technicians  before  warranties 
and  support  can  be  obtained. 

While  Cisco  categorizes  firms 
like  NHR  as  gray  market  and 
warns  customers  against  using 
them,  Sheldon  says  his  firm  is 
good  for  Cisco  and  users.  “We’re 
giving  [users]  products  at  good 
prices,  and  keeping  them  on  as 
Cisco  customers.  How  is  that  bad 
for  Cisco?”  he  says.  “We’re  not  out 
there  selling  Nortel  or  3Com.” 

Just  the  right  medicine 

St.  Joseph’s  Health  System  in 
Orange,  Calif.,  is  one  NHR  user. 
Through  an  IT  management  out¬ 
sourcer,  the  hospital  has  pur¬ 
chased  production  and  spare 
Catalyst  6500s,  7500  routers  and 
2900  switches. 

“We’ve  been  able  to  do  many 
network  upgrades  despite  bud¬ 
get  constraints,”  by  purchasing 
through  NHR,  says  Robert  Van 
Vuren.a  senior  network  architect 
for  Perot  Systems,  which  man¬ 


ages  all  of  the  hospital’s  IT  duties 
from  purchasing  to  operations.“It 
allows  us  to  do  more  with  less." 

Chris  Lukas,  CTO  of  emerging 
technologies  for  online  broker¬ 
age  firm  Hold  Brothers,  also  buys 
used  equipment. 

“The  numerous  pieces  of  used 
gear  1  have  bought  have  been 
flawless  and  in  some  cases  come 
in  factory-sealed  boxes,”  he  says.“I 
heartily  recommend  it,  and  if  not 
for  production,  then  for  other 
uses,  like  spares  or  testing.” 

Lukas  questions  the  lack  of  Cis¬ 
co  licensing  and  support  for  used 
gear.  He’d  like  to  see  the  transfer 
of  IOS  licenses  and  support  on 
second-hand  gear.  He  sees  this  as 
punitive  toward  customers. 

“Why  doesn’t  Cisco  take  the 
Mercedes/Lexus  viewpoint  and 
try  to  keep  resale  values  high?”  he 
says.  “Cisco  seems  to  want  resale 
values  to  be  zero  so  there  is  no 
competition  between  new  and 
used  gear.  If  the  residual  value  is 
zero,  what  was  the  gear  really 
worth  in  the  first  place?” 

Not  everyone's  sold 

While  Gartner  does  not  track 
used  equipment  sales  for  specific 
products,  the  research  firm  esti¬ 
mates  the  overall  market  for  a 
variety  of  used  equipment  —  inc¬ 
luding  routers,  switches  and  tele¬ 
com  gear  —  will  grow  from  about 
$1.6  billion  this  year  to  $1.7  bil¬ 
lion  next  year. 

“We’re  not  seeing  a  concerted 
effort  by  larger  corporations  to  go 
out  and  embrace  the  used-equip¬ 
ment  market,”  says  Lawrence 
Orans,  principal  analyst  with 
Gartner.  “But  if  the  stars  line  up 
and  the  inventory  is  there,  many 
midsize  businesses  are  getting 
what  they  need  at  a  lower  price” 
through  used  channels. 

Some  still  prefer  new  Cisco 
equipment,  viewing  second-hand 
gear  as  a  possible  risk. 

“We  shy  away  from  anything  ex¬ 
cept  original  equipment,” says  Jim 
Olson, CIO  forWaterbury  Hospital 
in  Connecticut.  With  Waterbury 
Hospital  network  running  most 
equipment  —  from  ultrasound 
machines,  to  radiology  and  even 
phones  —  over  its  Cisco  LAN, 
used  gear  is  not  worth  the  risk,  he 
says.  “If  something  has  already 
been  in  service  and  it’s  put  into 
service  again,  there  is  a  certain 
mean  time  to  failure,  and  you’re 
getting  closer  to  that  mean  time 
to  failure  than  when  it  was  new" 

Managing  Editor  Jim  Duffy  con¬ 
tributed  to  this  report. 

G«t  mart  information  online. 
Decfinder  2141 
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Experts  disagree  about 
seriousness  of  IOS  code  theft 


■  BY  PHIL  HOCHMUTH 

While  the  FBI  and  Cisco  scrambled  last  week  to 
recover  source  code  stolen  from  the  network  giant, 
expert  opinion  differs  about  how  serious  a  threat  the 
incident  is  for  corporate  customers. 

Published  reports  last  week  said  as  much  as  800M 
bytes  of  source  code  from  Cisco’s  IOS  software  — 
the  core  operating  system  for 
its  routers  —  was  stolen  from  a 
company  server  and  posted 
briefly  on  a  Russian  Web  site. 

The  code  was  taken  down 
shortly  after  it  was  discovered. 

“Cisco  will  continue  to  take 
every  measure  to  protect  our 
intellectual  property, employee 
and  customer  information,” 

Cisco  said  in  a  statement  last 
week.  “Cisco  is  working  with 
the  FBI  on  this  matter” 

Some  observers  say  the 
source  code  theft  poses  a  serious  threat  to  IOS  users, 
and  that  the  Internet  (because  many  backbones  are 
Cisco-based)  might  be  at  risk.  With  the  once-propri- 
etary  knowledge  of  IOS’  back  doors,  hackers  could 
compromise  enterprise-  and  carrier-based  Cisco 
gear  and  cause  havoc.  Yet  other  analysts  say  the 
issues  are  more  of  a  problem  for  Cisco  and  the  FBI, 
and  less  of  an  end  user  worry 

“This  is  a  serious  issue  for  Cisco,  but  not  so  serious 
an  issue  for  enterprises,”  says  Frank  Dzubeck,  presi¬ 
dent  of  Communications  Network  Architects.  He 
says  this  incident  is  not  like  the  Microsoft  Windows 


source  code  theft  in  February,  through  which  vul¬ 
nerabilities  were  published  soon  after.  The  fact  that 
routing  is  a  more  esoteric  world  is  in  Cisco’s  favor. 

“People  have  been  looking  at  Microsoft’s  binary 
stuff  for  a  long  time  and  they  know  how  the  code 
works,”  Dzubeck  says.  For  someone  to  create  and 
publish  a  vulnerability  in  IOS  that  could  harm  com¬ 
panies,  he  would  have  to  understand  how  IOS 
works,  and  how  it  links  to 
other  modules. 

“It’s  very  different  from  PC 
software,”  Dzubeck  says.“And 
there  are  much  fewer  peo¬ 
ple  who  know  IOS  than  peo¬ 
ple  who  know  Microsoft.” 

Another  observer  is  more 
pessimistic. 

“I  believe  there’s  an  imme¬ 
diate,  impending  threat  out 
there,”  regarding  the  IOS 
code  theft,  says  Babak  Pas- 
dar,  CTO  of  IGXglobal,  an  IT 
security  firm.  He  says  because  IOS  is  a  proprietary 
operating  system,  part  of  its  security  is  that  the  pub¬ 
lic  can’t  view  back  doors  and  vulnerabilities  in  the 
code.  With  the  code  out  of  the  bag,  malicious  users 
could  comb  through  holes  known  only  to  Cisco. 

“I  would  bet  dollars  to  doughnuts  that  Cisco  is  sit¬ 
ting  on  a  whole  bunch  of  vulnerabilities  [in  IOS] 
that  are  not  public,”  Pasdar  says. “The  right  thing  for 
Cisco  to  do  is  to  make  public  all  of  its  known  vul¬ 
nerabilities  and  back  doors  to  IOS.” 

The  IDG  News  Service  contributed  to  this  report. 


Ifc  I  would  bet  dollars  to 
doughnuts  that  Cisco  is 
sitting  on  a  whole  bunch  of 
vulnerabilities  [in  IOS]  that 
are  not  public.  99 

Babak  Pasdar 

CTO,  IGXglobal 


"Instead  of  putting  out  fires,  we  now  focus 
on  ways  we  can  deploy  new  technologies 
that  benefit  our  customer  service." 

Dave  Chacon 

Manager,  Technical  Services,  PING 


NAME  f*' 

Mr.  40%  Less 
Time  Spent  on 
Maintenance  and 
Administration 

PING 


Make  a  name  for  yourself  with  Windows  Server  System.  M  Microsoft  Windows  Server  System 
makes  it  easier  for  golf  club  maker  PING  to  manage  the  infrastructure  serving  their  400  end  users. 
Here's  how:  By  using  Windows  Server™2003  with  Active  Directory,4  PING  now  centrally  manages 
all  its  servers,  desktops,  and  end  users  from  one  location.  This  cut  annual  administrative  time  by 
800  hours.  Time  that  can  now  be  spent  developing  new  ways  to  support  customers,  partners, 
and  employees.  Software  that's  easier  to  manage  is  software  that  helps  you  do  more  with  less. 
Get  the  full  PING  story  at  microsoft.com/wssystem 


Windows 
Server  System 
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Pneumatic 
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between  offices,  factories,  hospitals  and 
stores.  As  president  of  Pneumatic  Tube 
Products  in  Haywood,  Calif.,  Moeller  builds 
pneumatic  tube  networks,  which  in  a  sense 
were  among  the  original  LANs  and  MANs. 

While  the  heyday  of  pneumatic  tubes  was 
in  the  late  19th  and  early  20th  centuries,  they 
haven’t  entirely  gone  away  despite  the  rise  of 
the  Internet  and  high-speed  corporate  nets. 

At  San  Antonio  Community  Hospital,  in 
Upland,  Calif.,  paperwork  and  medications 
shoot  through  the  building  in  less  than  a 
minute,  according  to  Bob  White,  who  runs 
the  hospital’s  tube  network.  Without  it,  San 
Antonio  probably  would  have  to  hire  15  peo¬ 
ple  to  handle  the  1,200  to  1,800  transactions 
per  day  he  says.  By  contrast,  the  computer- 
controlled  tube  network  is  virtually  cost-free 
apart  from  quarterly  maintenance. 

But  hospitals  aren’t  the  only  places  using 
tubes.  Facilities  that  deal  with  trucks  still  han¬ 
dle  a  lot  of  paper  forms,  because  there  are  so 
many  different  computer  systems  in  use 
among  trucking  companies  that  it’s  hard  to  to 
work  with  all  of  them,  Moeller  says.  One  lum¬ 
ber  company  in  Northern  California  is  inter¬ 
ested  in  tubes  because  it  says  paper  is  the 
fastest  way  to  deal  with  shipping. 

“They  need  the  paperwork  now "  he  says. 
“The  system  we’re  going  to  put  in  for  them  is 
going  to  handle  about  20  orders  a  minute.” 

Routing  is  now  controlled  by  software  —  a 


Retail 

continued  from  page  10 

complexity  of  RFID  is  off-putting  to  many  com- 
panies.“it’s  difficult  and  risk^’he  said.“People 
like  to  talk  about  innovation,  but  very  few  like 
to  do  it.” 

That  needs  to  change,  Wal-Mart  and  Target 
executives  say.  Retailers  and  suppliers  need  to 
become  familiar  with  RFID.  “If  you  haven’t 
started,  get  going,” Singer  said. 

Not  all  retailers  agree.  Chico’s  isn’t  doing 
anything  with  RFID  right  now,  said  Ajit  Patel, 
CIO  of  the  Fort  Myers, Fla., apparel  chain.  Patel 
is  watching  the  technology,  but  so  far  sees  no 
compelling  reason  to  replace  bar  codes  with 
RFID  tags,  particularly  on  individual  items. 
Down  the  road  Chico’s  will  consider  tagging 
merchandise  cases,  but  not  before  the  tech¬ 
nology  matures,  he  said. 

Wilsons  Leather  is  also  hesitant.“I  still  think 
it’s  too  early’  said  Jeff  Orton,  CIO  of  the 
Minneapolis  retailer.  He  expects  Wilsons  to 
adopt  RFID,  but  not  now,  given  its  elusive  ROI. 

RFID  veterans  offered  advice  for  retailers 
considering  an  RFID  pilot  or  deployment. 

Focus  narrowly  said  Dick  Lampman,  senior 
vice  president  at  HPwhich  uses  RFID  in  some 
of  its  manufacturing  facilities  and  is  among 
the  eight  suppliers  involved  in  Wal-Mart’s 
ongoing  pilot. 

Make  it  a  multidisciplinary  project  from  the 
start,  Target’s  Singer  said.  RFID  is  not  just  an 
issue  for  supply-chain  personnel.  Network 
managers  need  to  be  involved  in  decisions 
about  how  the  data  generated  by  RFID  gear  is 
going  to  be  communicated  among  systems.* 


An  employee  at 
Stanford  University 
Medical  Center  uses  a 
pneumatic  tube  net¬ 
work  station.  The  car 
rier,  above,  was 
designed  with  tight 
seals  to  carry  liquids. 


Windows  XP-based  system,  in  Pneumatic 
Tube  Products’  case.  Users  enter  a  code  for 
the  destination  at  a  terminal  when  they  drop 
off  the  carrier,  and  the  software  controls  a 
mechanical  “transfer  unit”  that  handles  the 
carrier  at  points  where  different  tubes  meet. 

History  lesson 

Over  the  years,  depending  on  where  they 
were  and  who  built  them,  pneumatic  tube 
networks  might  carry  documents,  special 
postcards,  regular  mail  and  telegrams  hot  off 
the  long-haul  copper. 

The  technology  is  based  on  a  simple 
premise:  Push  air  into  a  tube  and  it  will  take 
whatever’s  in  the  tube  along  with  it.  Reduce 
the  air  pressure  and  things  will  get  sucked 
backward.  Using  that  principle,  a  postal 
agency  could  solve  a  serious  congestion 
problem  on  the  largely  unregulated  network 
called  city  streets. 

“Traffic  was  a  mess  in  the  big  cities  . . .  and  to 
have  one  of  its  mail  wagons  sitting  in  traffic 
for  20  minutes  while  two  horses  are  fighting 
or  someone  doesn’t  want  to  give  up  the  right 
of  way  it’s  a  waste  of  time,” says  Nancy  Fbpe,  a 
historian  at  the  National  Fbstal  Museum,  part 
of  the  Smithsonian  Institution  in  Washington, 
D.C.  Letters  moved  between  post  offices  in 
U.S.  cities  at  about  35  mph,she  says. 

By  the  early  20th  century  Philadelphia,  New 
York,  Boston,  Chicago  and  other  U.S.  cities  had 
pneumatic  networks,  as  did  Paris,  Berlin  and 
London.  But  when  business  districts  shifted 
around  and  post  offices  had  to  be  moved,  it 
proved  difficult  to  reroute  the  underground 
tubes,  Fbpe  says.Then  traffic  became 
smoother  when  cars  took  over. 

Few  postal  networks  soldiered  on  after 
World  War  I,  but  the  story  wasn’t  over  for  pri¬ 
vate  tubes.  Almost  every  department  store  in 
the  U.S.  had  tubes  carrying  cash  and  paper¬ 
work  in  the  1920s  and  1930s,  says  Craig 
Swank,  a  marketing  and  communications 
director  at  Swisslog  North  America,  one  of 
only  a  few  big  companies  left  making  tube 
networks. 

As  the  networks  grew,  the  technology  got 
more  complex.  Routing  was  needed,  first  in 
the  form  of  rooms  full  of  human  operators 
picking  up  a  carrier  from  one  tube,  reading 
its  destination  address  and  dropping  it  off  at 
another  “station"  to  go  into  another  tube. 
Starting  in  the  1950s, switching  went  electro¬ 
mechanical,  with  the  address 
encoded  using  a  dial  or  a  set 
of  magnetic  bands  on  the  out¬ 


side  of  the  carrier,  Swank  says. 

Then  credit  cards  came  along,  easing  up  on 
the  need  for  cash  handling  in  stores. 
Companies  started  using  e-mail. Tubes  lost 
their  effect  for  communication. 

However,  Swank  contends  that, “You  don’t 
need  that  use  out  of  a  tube  system  to  even 
come  close  to  justifying  it.” 

The  future.it  turned  out,  was  in  carrying 
things  that  can’t  be  e-mailed  or  faxed. 
Business  is  still  big,  relatively  speaking,  in 
healthcare,  Moeller  and  Swank  say 

And  while  the  age  of  postal  tubes  might 
be  over,  one  New  York  entrepreneur  wants  to 
see  information  go  through  them  again. The 
New  York  Mail  and  Newspaper  Transportation 
Co.  abandoned  the  27-mile  network  it  operat¬ 
ed  in  the  1950s,  leaving  behind  underground 
tubes  up  and  down  Manhattan.  Randolph 
Stark,  looking  for  a  way  to  wire  two  office 
buildings  with  one  connection  to  a  carrier’s 
fiber  in  2001,  remembered  having  heard  of  it. 

It  could  be  a  gold  mine,  Stark  thought:  a 
ring  of  10-inch-wide  metal  tubes  with  the 
long,  graceful  curves  that  optical  fiber  needs, 
running  underneath  some  of  the  most  expen¬ 
sive  real  estate  in  the  world.  Some  buildings 
once  housed  post  offices,  so  they  had  their 
own  way  into  the  network.  The  pitch  could 
be  irresistible  to  buildings  that  wanted  more 
capacity: “You  know  that  hole  in  your  base¬ 
ment?  Well,  we  know  where  it  terminates,” 
Stark  says  he  would  tell  them.  New  York  was 
just  one  of  many  cities  with  old  tubes. 

Stark  formed  a  company,  learned  that  the 
city  now  owned  the  tubes,  and  proposed 
leasing  them.  But  the  city  already  was  consid¬ 
ering  a  similar  idea  involving  old  water 
mains,  he  says.Then  came  the  Sept.  1 1,2001, 
attacks  and  the  telecom  crash.  Stark  still  has¬ 
n’t  actually  seen  any  of  the  tubes. 

“To  be  honest  with  you,  we  haven’t  done 
much  with  this  project  for  a  while,” Stark  says. 
However,  he  does  have  a  U.S.  patent,  issued 
last  year,  on  a  way  to  use  the  tubes  for  fiber. 

“That’s  the  only  person  I  know  of  who’s 
tried  to  make  something  out  of  this,”  the  Na¬ 
tional  Fbstal  Museum’s  Fbpe  says.  But  seeing 
as  the  tubes  have  been  abandoned  for  about 
50  years  and  a  lot  of  road  work  and  construc¬ 
tion  has  come  since  then,  they  may  not  be 
much  of  a  network  anymore. 

“I  can’t  imagine  what’s  left,”  Fbpe  says. 

Lawson  is  a  correspondent 
with  the  IDG  News  Service 's 
San  Francisco  bureau. 
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Can  your  network 
open  up  to  you? 


AT&T  BUSINESSDIRECT"  PORTAL  Can  your  network  share  its  feelings?  AT&T  equips  its  networks  with  technology 
that  makes  it  easy  for  you  to  monitor,  control  and  adapt  the  performance  of  your  network  from  a  single,  secure 
portal.  Offering  direct  and  immediate  visibility — it’s  like  having  an  Internet-accessible  network  control  center 
right  at  your  fingertips.  Which  means  your  on-line  ordering,  billing,  maintenance  and  network  management 
transactions  are  faster,  easier  and  more  accurate.  So  you  spend  less  time  servicing  your  network,  and  more 
time  serving  your  customers.  CAN  YOUR  NETWORK  DO  THIS?  For  a  positive  answer,  just  call  1-888-889-0234. 
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The  AT&T  BusinessDirect 

Portfolio  delivers  relationship 

management  advantages 

that  position  you  to: 

•  Make  cost  saving  business 
decisions,  backed  by 
critical  AT&T  networking 
performance  data. 

•  Proactively  address  changing 
business  conditions  by 
re-routing  toll-free  calls  and 
bringing  voice  trunks  in  and 
out  of  service. 

•  Launch  circuit  tests,  check 
network  alarms,  and  report 
service  interruptions,  without 
the  time-consuming  call 
screening. 

•  Improve  productivity  by 
resolving  service 
interruptions  quickly. 

•  Deploy  disaster  recovery 
plans  within  minutes. 

•  Review,  analyze  and  pay  your 
bills,  place  orders,  check 
current  inventory,  and  more 
-with  online  convenience. 

•  Manage  your  AT&T 
network  -  24x7. 


Hands-on  control  over  your 
network,  day  and  night 

With  the  AT&T  BusinessDirectSM  Portfolio  of  eServicing  capabilities,  you  can 
cost-effectively  manage  your  AT&T  relationship  around  the  clock. 

THE  AT&T  BUSINESSDIRECT  WEB  PORTAL 

AT&T  BusinessDirect  is  our  secure,  award-winning  Web  portal,  that  enables 
you  to  perform  a  variety  of  network  and  routine  supplier-management  tasks. 
BusinessDirect  Map,  provides  point-and-click  management  of  your  AT&T 
inventory  and  view  of  network  elements. 

Other  tools  allow  you  to  review,  analyze  and  pay  your  bills,  place  orders, 
check  current  inventory  and  more.  Powerful  performance  reporting  tools 
allow  you  to  monitor  your  AT&T  services  in  real-time,  including  AT&T 
Managed  Services,  such  as  Web  site  hosting. 

AT&T  eBONDING 

For  customers  that  submit  very  high  volumes  of  electronic  transactions,  such 
as  sen/ice  orders  or  trouble  reports,  AT&T  eBonding  is  the  answer.  AT&T 
eBonding  enables  your  internal  systems  to  interact  directly  with  AT&T’s 
internal  systems  so  you  don’t  have  to  re-key  data  into  a  web  browser,  data 
that  is  already  in  digital  form. 


WHAT  THE  INDUSTRY  IS  SAYING: 

•  “A  lot  of  service  providers  are  moving  to  Web-based  customer  care  to 
enhance  their  customer  care  and  to  increase  efficiencies,”  says  Sandra 
Palumbo,  a  senior  analyst  with  the  Yankee  Group.  "AT&T  is  the  furthest 
along  at  this  point.  Anecdotal  evidence  indicates  that  customers  are 
very  pleased  with  it.” 

WHAT  THE  CUSTOMERS  ARE  SAYING: 

•  "The  reliability  of  our  data  infrastructure  and  consistent  availability  of 
data  are  critical  to  the  enduring  success  of  our  business  and  that  of  our 
travel  industry  partners,”  said  David  Lauderdale,  chief  technical  officer 
and  senior  vice  president  -  Worldwide  Technical  Operations  for  Worldspan. 
“By  strengthening  our  computer  system  capability  infrastructure  through 
AT&T’s  support,  we  will  be  able  to  virtually  guarantee  network  efficiency 
and  dependable  access  to  data.” 


For  more  information,  contact  your  AT&T 
Representative,  or  visit  www.att.com/networking. 
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■  LAN/WAN  SWITCHES  AND  ROUTERS 

■  ACCESS  DEVICES  ■  SERVERS  ■  VPNS 

■  OPERATING  SYSTEMS  ■  NETWORKED  STORAGE 

■  VOIP  ■  WIRELESS  NETWORKS 


■  The  U.S.  Patent  and  Trademark 
Office  last  week  gave  Rad  Data 
Communications  a  patent  for  its 
TDM-over-IP  technology,  which 

the  vendor  has  sold  to  companies  and 
carriers  since  1999.  TDM  over  IP 
works  by  encapsulating  segments  of  a 
TDM  voice  stream  and  sending  them 
across  a  network  as  User  Datagram 
Protocol/IP  packets.  A  TDM-over-IP 
gateway  on  the  receiving  end  gets  the 
packets,  synchronizes  with  the  TDM 
time  slot  of  the  sending  device  and 
reassembles  the  voice  stream.  Rad 
Data  says  it  has  more  than  20,000 
TDM-over-IP  gateways  and  module 
cards  for  PBXs  installed. 

■  Hitachi  Data  Systems  recently 
announced  a  new  high-end  storage 
array  and  enhancements  to  its 
HiCommand  management  software. 

The  Hitachi  Thunder  9585V  is  the 

company's  largest  midrange  storage 
array.  It  can  store  up  to  64T  bytes  of 
data  and  can  attach  to  as  many  as 
1,024  servers.  Hitachi  also  introduced 
HiCommand  Path  Provisioning,  which 
provides  end-to-end  provisioning  of 
storage  resources,  and  HiCommand 
QoS  for  Sybase,  which  ties  storage 
resources  and  availability  to  the  popu¬ 
lar  application.  HiCommand  Path  pro¬ 
visioning  starts  at  $6,000;  HiCom¬ 
mand  QoS  for  Sybase  starts  at 
$5,000;  a  Thunder  9585V  with  seven 
146G-byte  drives  starts  at  $100,000. 

■  IBM  is  using  VMware’s  virtual 
machine  technology  as  a  key  part 
of  its  on-demand  computing  push  for 
its  x86-based  systems,  including  blade 
servers.  The  two  companies  last  week 
announced  they  were  extending  an 
alliance  that  began  in  2002.  VMware, 
now  owned  by  EMC,  says  the  deal 
calls  for  IBM  to  offer  its  virtualization 
technology  on  its  servers  through 
2007.  VMware  will  provide  partitioning 
capabilities  on  the  x86  machines  as 
part  of  IBM's  Virtualization  Engine, 
which  Big  Blue  announced  last  month 
to  tie  together  server  virtualization, 
management  and  provisioning.  IBM 
uses  its  own  partitioning  technology 
on  its  RISC-based  servers. 


Blade  servers  get  integrated 

■  BY  JENNIFER  MEARS 


The  competition 

While  IBM  is  the  first  to  integrate  Brocade  storage  and  Cisco  network 
switching  into  its  blade  servers,  all  the  systems  vendors  are  focused  on 
making  it  easier  to  integrate  blades  into  data  center  architectures: 


Blade  servers,  those  compact  slices  of 
computing  power  that  fit  into  racks  like 
books  in  a  bookshelf,  have  largely  been 
relegated  to  running  front-end  jobs  in  the 
data  center  —  tasks  such  as  Web  serving, 
caching  and  firewalls.  But  increasingly, 
business  customers  are  looking  to  blades 
for  data  center  consolidation,  hoping  to 
run  databases  and  other  critical  applica¬ 
tions  on  the  systems. 

Vendors  are  responding  to  the  demand 
by  adding  features  and  power  to  blade 
servers  to  make  them  more  capable  of 
supporting  transaction-oriented  applica¬ 
tions  and  higher-performing  workloads. 
They’re  also  working  to  make  it  easier  for 
end  users  to  integrate  the  blades  into  data 
center  architectures. 

Consider  earlier  this  month  when  IBM 
announced  that  it  was  embedding  Fibre 
Channel  switches  from  Brocade  into  its 
BladeCenter  systems.  That  news  came 
about  two  weeks  after  IBM  and  Cisco 
detailed  an  expanded  relationship  that 
also  included  integrating  Cisco’s  Intelli¬ 
gent  Gigabit  Ethernet  Switch  Module  into 
BladeCenter. 

Most  of  the  systems  vendors  provide 
SAN  and  Ethernet  connectivity  for  some 
of  their  blade  servers,  but  most  require 


HP 

Offers  integrated  Fast  Ethernet  and  Gigabit 
Layer  2  managed  switches  and  a  patch  panel 
option  so  that  customers  can  connect 
directly  to  their  network  architecture.  Its 
Storage  Connectivity  Kit  provides  a  Fibre 
Channel  pass-through  connection  for  SANs 
for  its  p-Class  blades. 


RLX 

Includes  its  own  integrated  Ethernet 
switches,  and  a  pass-through  card  to 
connect  to  external  switches.  For  Fibre 
Channel,  partners  with  Qlogic  for  pass¬ 
through  connectivity  through  a  host  bus 
adapter.  Also  supports  InfiniBand  by 
integrating Topspin  switches.  RLX’s  Control 
Tower  management  software  manages  RLX 
and  non-RLX  blades,  and  1U  servers. 

pass-through  boards  or  other  approaches 
to  connect  into  the  network  infrastruc¬ 
ture.  Consequently,  users  have  to  run 
cables  from  each  blade  to  an  external 


Sun 

Includes  up  to  two  integrated  GigE 
switches  in  its  Sun  Fire  B1600  Blade 
Platform,  but  doesn't  currently  support 
Fibre  Channel.  Offers  specialty  network 
blades  for  load  balancing  and  security  and 
provides  blade  management  with  N1 
Provisioning  Server  3.1  Blades  Edition. 


Dell 

Includes  up  to  two  integrated  Layer  2 
managed  switches  and  dual  integrated 
Gigabit  network  interface  cards  in  each 
blade. 


Fibre  Channel  or  Ethernet  switch.  For 
example,  HP  was  the  first  to  offer  Fibre 
Channel  SAN  connectivity  for  its  blades, 

See  Blades,  page  24 


PolyServe  to  cluster  Windows  servers 


■  BY  JENNIFER  MEARS 

FblyServe,  which  specializes  in  software 
for  Linux  clusters,  is  unveiling  a  product 
this  week  that  brings  its  expertise  in  shared 
data  clustering  to  Windows  environments 
with  the  aim  of  letting  users  consolidate 
stand-alone  servers. 

FblyServe’s  Matrix  Server  for  Windows 
2000  and  Windows  Server  2003  is  designed 
to  take  Windows  clustering  beyond  high 
availability  to  support  scalable  clusters  that 
can  be  managed  from  a  central  location. 

Matrix  Server  takes  a  different  approach 
than  traditional  Windows  clustering  prod¬ 
ucts  from  vendors  such  as  Microsoft  and 
Veritas  Software  by  letting  data  be  shared 
across  all  the  nodes  in  a  cluster,  says  Steve 
Norall,  director  of  marketing  at  FblyServe. 
The  key  to  the  software  is  a  clustered  file 
system  that  lets  all  servers  tied  to  a  SAN 
share  data.  In  most  Windows  clusters,  one 


active  node  would  have  access  to  data, 
which  would  have  to  be  moved  to  the  sec¬ 
ond  node  in  a  failover,  Norall  says. 

“With  FblyServe  all  data  is  seen  by  all  the 
nodes  in  the  cluster  simultaneously  and 
those  servers  are  virtualized  as  one  entityf 
he  says. 

As  a  result, users  can  move  databases  and 
other  applications  off  of  bigger, stand-alone 
boxes  and  onto  clusters  of  less  expensive, 
smaller  machines,  Norall  says. 

Steve  Stone,  IT  associate  at  Texas  A&M’s 
Department  of  Food  Services  in  College 
Station,  has  run  Matrix  Server  since  March 
to  support  Microsoft  SQL  Server  running 
on  Win  2000.  Previously  the  database  ran 
on  a  four-processor  server,  but  is  now  on  a 
cluster  of  two  dual-processor  Dell  Fbwer- 
Edge  4650s.  Stone  says  he  decided  to  move 
to  the  cluster  after  having  problems  with 
downtime. 

“The  cluster  is  a  single  point,  but  1  can 


take  down  a  server,  and  the  other  server 
picks  up  and  keeps  going,”  he  says.  “The 
data  is  never  offline,  and  both  servers  have 
access  to  all  the  data  all  the  time.” 

Stone  says  he  plans  to  expand  the  cluster 
and  expects  significant  savings  because  he 
won’t  have  to  run  multiple,  big  boxes. 

“We  can  get  smaller  boxes  and  throw 
them  in  there,  and  it  acts  as  one  big 
machine,”  he  says.  Matrix  Server  supports 
up  to  16  servers. 

“I  like  the  fact  that  all  the  servers  share 
the  information.  It  makes  it  really  easy  to 
scale  out  because  all  you  have  to  do  is 
hook  up  a  new  server  to  the  SAN,  then  put 
the  FblyServe  software  on  there  and  it  sees 
the  data  right  awayf  Stone  adds. 

FblyServe  plans  to  launch  Matrix  Server 
for  Win  2000  and  Win  2003  at  the  Microsoft 
Tech-Ed  conference  in  San  Diego.  The 
products  are  priced  starting  at  $1,500 
per  CPU.B 
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New  hardware  brings  10G  LANs  closer  to  reality 

Latest  products  provide  corporations  with  more  options  to  decrease  data  center  and  LAN  bottlenecks. 


a  BY  PHIL  HOCHMUTH 

With  the  spate  of  new  1 OG  gear,  analysts  say,  corpora¬ 
tions  have  more  options  for  alleviating  data  center  and 
LAN  bottlenecks. 

Just  as  3Com  and  Foundry  Networks  made  10G  product 
announcements  earlier  this  month  at  NetWorld+Interop, 
several  10G  Ethernet  adapters  for  servers,  workstations  and 
network-attached  storage  (NAS)  devices  are  being  an¬ 
nounced  this  week  by  Silicon  Graphics  and  start-up 
Chelsio  Communications. 

While  the  10G  market  is  still  young  —  products  are 
mostly  test  toys  in  high-end  research  and  enterprise  net¬ 
works  —  some  corporations,  such  as  hospitals  with  digi- 

fc I  Vendors  are  recognizing  that 
while  not  an  absolute  necessity  for 
customers,  [10G]  does  a  play  in 
certain  niche  markets.  1  § 

Max  Flisi 

Analyst,  I  DC 

tized  radiology  images  stored  on  servers  or  financial  firms 
with  compute-intensive  applications, already  are  turning  to 
10G  Ethernet. 

Among  the  recent  10G  product  news: 

•  Silicon  Graphics  is  expected  to  announce  this  week 
that  it  will  integrate  S2IO’s  10G  Xframe  adapter  into  a  line 
of  high-end  Intel-based  servers,  NAS  devices  and  high-end 
workstations.  Linux  and  Windows  can  run  on  10  Gigabit 
workstations  and  servers,  while  the  lOG-enabled  NAS 


boxes  will  run  a  proprietary  Unix  operating  system. 

•  Chelsio  this  week  is  expected  to  launch  itsTl  10, a  10G 
adapter  that  includes  TCP/IP  offload  engine  (TOE)  tech¬ 
nology,  which  lets  TCP/IP  processing  —  normally  execut¬ 
ed  in  software  on  a  server  processor  —  run  on  the  server 
network  interface  card  (NIC).This  frees  server¬ 
processing  resources  and  lets  users  run  more 
powerful  applications  on  fewer  machines. 

•  Foundry  announced  an  eight-port  10G 
Ethernet  switch,  aimed  at  LAN  aggregation 
layers  or  for  connecting  clusters  of  10G- 
enabled  servers  in  a  high-performance  com¬ 
puting  cluster. 

Foundry’s  new  switch  is  an  eight-port  10G  box  aimed  at 
companies  with  large  server  clusters  or  small  backbones. 
The  Edgelron  8X10G  includes  eight  XFP-based  10G 
Ethernet  ports,  which  can  be  outfitted  with  optics  for  long- 
or  short-haul  10G  over  single-  or  multi-mode  fiber.  Foundry 
says  the  Layer  2  switch  can  process  up  to  120  million  pack¬ 
ets  per  second  on  each  port. 

•  3Com  released  two  new  10/1 00/ 1 000M  bit/sec  boxes 
recently  that  include  10G  expansion  slots  for  uplinking  to 
a  10G  core  switch. 

3Com’s  switch  is  aimed  at  wiring  closets  or  end-user  work 
groups  where  high-speed  desktops  are  used  and  even 
higher-speed  aggregation  uplinks  are  needed.  The  Super- 
Stack  3  Switch  3870  series  includes  24-  and  48-port  boxes 
with  10/1 00/ 1 OOOM  bit/sec  Ethernet  on  all  ports.  A  10G  ex¬ 
pansion  module  is  included  on  the  back,  and  a  40M 
bit/sec  interconnect  for  3Com’s  proprietary  stacking  tech¬ 
nology  also  is  included. 

3Com’s  stacking  technology  lets  up  to  eight  SuperStack 
3870s  be  linked  together  with  a  40G  bit/sec  backplane.The 
stack  can  be  managed  as  one  virtual  switch,  with  one  IP 
address.  3Com  is  touting  the  switches  as  a  way  to  plan  for 


future  10G  connections  to  a  10G  core.3Com  currently  does 
not  have  a  10G  module  for  its  Switch  7700  core  switch. 

“These  [switch]  announcements  are  indicative  of  the 
general  trend  that  10G  is  continuing  to  gain  momentum  in 
the  industry/’ says  Max  Flisi, an  analyst  with  IDC.“Vendors  are 


recognizing  that  while  not  an  absolute  necessity  for  cus¬ 
tomers,  [10G]  does  have  a  play  in  certain  niche  markets." 

Dell’Oro  Group  estimates  that  pricing  for  10G  Ethernet 
ports  will  fall  from  an  industry  average  of  about  $9,000  this 
year,  to  about  $1,000  per  port  by  2007. 

Meanwhile,  Gartner  says  that  10G  NIC  prices  will  drop  by 
50%  over  the  same  time,  reaching  about  $3,000  per  adapter 
by  2007.  Analysts  predict  that  the  market  for  10G  products 
will  grow  from  $500  million  this  year  to  about  $1.6  billion 
by  2007. 

The  3Com  SuperStack  3  Switch  3870  48-port  switch 
costs  $6,000,  and  the  24-port  Switch  3870  costs  $4,000. 
Both  boxes  are  scheduled  to  ship  next  month.  Foundry’s 
Edgelron  8X10G  also  ships  next  month,  with  pricing  to  be 
released  then. 

Silicon  Graphics  servers,  workstations  and  NAS  boxes 
will  be  available  in  the  third  quarter  of  this  year  with  pric¬ 
ing  to  be  released  later. 

The  Chelsio  10G  NICs  with  TOE  capabilities  will  be 
demonstrated  this  week  at  the  GridToday  2004  trade  show 
in  Philadelphia,  with  pricing  and  availability  to  be 
announced  later.  ■ 


Foundry's  Edgelron  8X106  can  link  clusters  of  lOG-enabled  servers,  or  act 
as  a  small  10G  backbone  switch. 
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Virtual  tape  gets  a  boost 


■  BY  DENI  CONNOR 

Users  of  virtual  tape  got  a  boost  last  week  with  Bus- 
Tech’s  introduction  of  the  Mainframe  Appliance  for 
Storage  for  EMC  Centera,  which  lets  customers  more 
quickly  save  and  retrieve  fixed  content  data. 

Virtual  tape  is  the  ability  for  a  disk  drive  to  mimic  a 
tape  library  for  back-up  and  recovery  purposes.  A  vari¬ 
ety  of  vendors  have  adopted  virtual  tape,  including 
established  companies  such  as  EMC,  IBM  and 
StorageTek  and  start-ups  Diligent  and  Sepaton. 

Unlike  Virtual  tape  systems  from  IBM  and  StorageTek 
which  are  software-based,  Bus-Techs  implementation 
is  as  an  appliance  that  supports  Enterprise  System 
Connection  (ESCON)  attachments  to  the  mainframe 
and  Gigabit  Ethernet,  Fibre  Channel  or  Ultra  SCSI 
attachments  to  storage  devices.  It  is  similar  to 
Quantum’s  and  Sepaton’s  devices,  except  that  it  does 
not  have  any  storage  capacity 

Bus-Tech’s  Mainframe  Appliance  for  Storage  lets 
mainframe  data  be  backed  up  to  open  systems  storage 
such  as  EMC  Symmetrix  DMX  or  IBM’s  Enterprise 
Storage  Server.lt  connects  to  the  mainframe  via  ESCON 
or  Fibre  Connection  and  then  to  the  storage  device, 
effectively  emulating  as  many  as  64  IBM  tape  drives. 

The  Mainframe  Appliance  looks  to  the  mainframe 
like  an  IBM  3840  tape  drive.  It  stores  and  retrieves  data 
from  the  EMC  Centera  and  can  reduce  the  floor  space 
required  for  tape  drives  and  car¬ 
tridge  storage.  It  also  can  reduce 
staff  costs  associated  with  manag¬ 
ing  a  large  tape  library  and  reduce 
or  eliminate  the  overall  number  of 
tape  cartridges  needed  to  support 
those  applications. 

Traditionally,  users  have  thought 


of  virtual  tape  as  a  mainframe  implementation.  IBM 
and  StorageTek  have  dominated  the  market  with 
StorageTek  owning  62%  of  the  market  and  IBM  gar¬ 
nered  38%  in  2003,  according  to  Gartner. 

Tape  emulation  though  has  made  it  to  open  sys¬ 
tems,  where  it  is  used  with  Solaris,  Windows  and 
Linux  hosts.  Diligent  has  an  open-systems-based 
VTF  Open,  which  runs  on  a  Linux  server  and  works 
with  back-up  software  from  Computer  Associates, 
Legato  Systems,  Tivoli  and  Veritas  Software,  among 
others.  Sepaton  has  its  S2100  Virtual  Tape  Library 
System,  an  appliance  that  offers  from  6T  to  200T 
bytes  of  storage. 

Raul  Diaz,  director  of  IT  for  Beyond  Genomics  in 
Waltham,  Mass.,  uses  Sepaton’s  appliance  to  back  up 
9T  bytes  of  data. 

“It  used  to  take  us  more  than  48  hours  to  back  up 
data,”  Diaz  says.  With  the  Sepaton  appliance,  Diaz  now 
backs  up  data  four  to  five  times  as  fast. 

EMC  also  has  caught  the  wave  of  virtual  tape.  The 
company  introduced  the  Clariion  Disk  Library  last 
month,  which  the  company  says  backs  up  data  30% 
to  60%  faster  than  tape  and  recovers  data  90%  faster. 

The  Yankee  Group  estimates  that  the  market  for 
open  systems  virtual  tape  will  increase  from  $210  mil¬ 
lion  in  2003  to  $720  million  in  2007. 

“Virtual  tape  is  not  a  big  market  right  now,  but  it 
will  grow  as  people  will  continually  look  at  options 
to  deal  with  data  retention,  which  will 
require  better  access  to  data  than 
tape  can  sometimes  provide,”  says 
Jamie  Gruener,  a  senior  analyst  for 
Yankee. 

The  Bus-Tech  Mainframe  Appliance 
for  Storage  for  EMC  Centera  starts  at 
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Dell  pumps  up  PDA 
with  Bluetooth  support 

■  BY  TOM  KRAZIT 

Dell  last  week  unveiled  three  Axim  PDAs,  adding  the  Blue¬ 
tooth  short-range  wireless  network  technology  to  its  PDAs  for 
the  first  time. 

The  Axim  X30  models  are  also  Dell’s  first  PDAs  to  use  Intel’s 
new  XScale  processors.  Four  PXA270  processors  were  released  in 
April,  featuring  clock  speeds  from  312MHz  to  624MHz,  and 
improved  security  and  multimedia  features.  Pal mOne’s  new  Zire 
72  was  launched  in  April  with  the  312-MHz  chip. 

Dell  also  provides  nonwireless  and  wireless  versions  of  the  X30. 
The  two  wireless  configurations  come  with  support  for  802. 1 1  b  Wi¬ 
Fi  networks  and  Bluetooth. 

Bluetooth  is  designed  as  a  cable-replacement  technology  for 
peripheral  devices, says  Gervaise  Nix,  product  marketing  manager 
for  Axim.  Several  customers  in  Europe  also  use  Bluetooth  PDAs  to 
connect  to  Bluetooth  cell  phones  to  synchronize  data  and  con¬ 
nect  to  the  Internet  over  the  cell  phone’s  modem. 

Dell  next  month  will  introduce  several  peripherals  such  as  a 
Bluetooth  keyboard  and  a  global  positioning  system  kit  to  use 
with  the  Axim  X30,  Nix  says. 

The  X30  has  the  same  dimensions  as  the  X3,  a  slimmed-down 
version  of  Dell’s  X5  PDA,  Nix  says.  The  X30  measures  122.4  mm 
high  by  77.2  mm  wide  by  14.9  mm  thick  and  weighs  139  grams.  It 
comes  with  a  3.5-inch  display  and  a  Secure  Digital  I/O  slot. 

The  Axim  X30  costs  $199  without  any  wireless  technology  That 
version  comes  with  a  312MHz  PXA270  processor,  32M  bytes  of  syn¬ 
chronous  dynamic  RAM  (SDRAM)  and  32M  bytes  of  Intel’s 
StrataFlash  ROM. 

A  unit  with  802.11b,  Bluetooth,  the  312MHz  PXA270  processor, 
64M  bytes  of  SDRAM  and  64M  bytes  of  ROM  costs  $249  after  a  $30 
rebate.The  same  unit  with  the  624-MHz  processor  costs  $349. 

Krazit  is  a  correspondent  with  the  IDG  News  Service’s  Boston 
bureau. 
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Ahead  of  the  threat 
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For  real  protection,  demand  proven  expertise  from 
Internet  Security  Systems. 


To  a  router  company,  security  is  just  an  afterthought,  a  reactive  approach  to  Internet  threats.  Why  trust  such  a  critical 
operation  to  an  unqualified  source?  Only  Internet  Security  Systems'  singular  focus  on  security  provides  the  intelligence  to 
preemptively  stop  threats  BEFORE  they  impact  your  network.  This  preemptive  power  is  now  possible  across  your  entire  IT 
infrastructure  through  the  Proventia™  Security  Platform.  Need  proof?  Get  your  free  whitepaper,  Preemptive  Protection: 
Setting  a  New  Standard  in  Security,  at  www.iss.net/proof/wp  or  call  800-776-2362. 
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Linux  creeps  into  the  enterprise 


It  is  not  a  question  of  “if”  you’ll  deploy 
Linux  in  your  company  but  rather  when 
—  and  how  deep.There’s  a  good  chance 
that  you’ve  deployed  it  already  and  don’t 
know  it.  Even  if  you’re  not  ideologically 
opposed  to  Microsoft,  there  are  just  too 
many  benefits  to  ignore  Linux  for  very  long. 

The  first  place  you’ll  see  it  —  or  rather, 
deploy  it  —  is  likely  with  the  various  appli¬ 
ances  you  install  to  handle  network  secur¬ 
ity  and  various  storage-related  functions. 
Where  many  companies  used  to  use  pro¬ 
prietary  real-time  operating  systems  like 
VxWorks  as  the  “core”  for  their,  say  URL 
scanning  or  XML  encryption  appliance, 
nowadays,  it’s  a  good  bet  that  a  Linux  build 


is  at  the  core. 

While  there  are  a  plethora  of  security  ser¬ 
vices  (such  as  Check  Point’s  firewall)  that 
run  Windows  2000  as  a  base,  my  unscien¬ 
tific  survey  of  appliances  that  have  come 
through  our  doors  in  the  past  year  seem  to 
be  more  and  more  based  on  Linux. 
(Microsoft  has  made  a  concerted  effort  to 
make  inroads  in  the  realm  of  embedded 
systems,  but  that  is  a  whole  other  story) 

More  visible  will  be  the  emergence  of 
Linux-based  servers  and  desktops  that 
interact  with  existing  MS-based  systems  on 
your  corporate  network. 

While  you  can’t  expect  to  find  highly 
Microsoft-centric  implementations  like 
.Net  Framework  running  on  a  Linux-based 
Apache  Web  server, you’ll  have  no  problem 
getting  “vanilla”  functions  such  as  Web 
servers  and  Simple  Mail  Transfer  Protocol 
(e-mail)  Linux  systems  with  which  your 
corporate  users  can  interact. 

And  even  for  desktop  users,  Linux  has 


come  a  long  way  in  the  past  year.  Out  of  the 
box.  Red  Hat  Linux  9.0  installed  easily  on 
several  systems  we  experimented  with. 
While  the  load-time  messages  can  be  a  bit 
unnerving  for  non-technical  users,  they 
safely  can  be  ignored  (in  most  instances) 
and  users  can  interact  with  the  GUI. 

A  key  Linux-Microsoft  integration  compo¬ 
nent  is  SAMBA,  an  implementation  of  SMB- 
C1FS,  aka  Microsoft’s  LAN  file  system. 
Packaged  with  the  Red  Hat  distribution.it  is 
not  installed  automatically  and  requires 
more  administration  than  on  a  Microsoft 
machine.  But  once  installed,  it  lets  Linux 
users  access  Microsoft  shares  and  lets 
Linux  machines  function  as  Microsoft- 
compatible  servers. 

For  those  times  when  you  simply  must 
execute  on  a  Microsoft  machine,  there  is 
always  Citrix  Systems.  While  not  included 
with  the  Red  Hat  distribution,  it  took  but  a 
few  clicks  on  the  Mozilla  browser  to  down¬ 
load  and  install  the  Citrix  Linux  ICA  client. 
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A  few  minutes  later,  I  was  running  Microsoft 
Access  “native”  through  the  Citrix  window. 

Finally,  the  license  structure  of  open 
source  is  serving  as  a  catalyst  for  innova¬ 
tion  in  the  enterprise  —  especially  when 
it  comes  to  multifunction  security  for 
small  to  midsize  businesses  (SMB).  A  cur¬ 
rent  project  with  Astaro  provides  a  text¬ 
book  example. 

Recognizing  that  SMBs:  1)  need  security 
as  much  as  anyone;  2)  rarely  need  the  high- 
end  features  of  “point  products,”  and;  3)  are 
very  cost-conscious,  the  company  has  bun¬ 
dled  a  slew  of  “open  source”  firewall,  VPN, 
anti-spam,  etc.,  functions  that  provide  inte¬ 
gration  of  the  aforementioned  as  its  key 
value-add. 

So  note  to  self  —  begin  learning  Linux! 

Tolly  is  president  of  The  Tolly  Group ,  a 
strategic  consulting  and  independent  testing 
company  in  Boca  Raton,  Fla.  He  can  be 
reached  at  ktolly@toliy.com. 


1 We're  starting  to  consider  more  grid  pro¬ 
jects,  and  we’re  looking  at  BladeCenter  as 
being  a  key  component  of  that,, 

Harry  Williams 

Director  of  technology  and  systems,  Marist  College 


Blades 
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but  does  so  using  a  mezzanine  board  or 
host  bus  adapter. 

IBM  is  integrating  the  actual  switch  into 
BladeCenter,  thus  reducing  cabling  require¬ 
ments  and  letting  users  seamlessly  connect 
their  blades  into  Brocade-  and  Cisco-based 
networks.  The  switches  fit  into  the  back  of 
the  BladeCenter  chassis  and  offer  their 
suite  of  management  capabilities.  Analysts 
say  IBM  is  the  first  to  focus  on  integrating 
third-party  switches  into  its  blade  offerings, 
though  they  note  HP  and  IBM  have  inte¬ 
grated  Nortel-based  switches  into  their 
blade  chassis. 

“Without  these  integrated  modules 
you’d  have  to  take  the  vendor’s  own 
[switch],  which  then  wouldn’t  integrate 
nearly  as  well  with  your  overall  infrastruc¬ 
ture  and,  therefore,  the  blades  would  tend 
to  be  an  island  off  to  the  side.  Or  you 
would  have  to  use  the  Brocade  or  the 
Cisco  switches  as  external  components. 
And  then  you  lose  some  of  the  integrated 
nature  of  the  blade,”  says  Gordon  Haff,  an 
analyst  at  llluminata.  “By  integrating  the 
switches,  it  lets  you  stay  within  the  inte¬ 
grated  blade  environment  while  at  the 
same  time  staying  within  your  existing 
switch  infrastructure.” 

That’s  a  capability  that  users  say  will  let 
them  do  more  with  the  blade  systems. 

Harry  Williams,  director  of  technology 
and  systems  at  Marist  College  in  Pough¬ 
keepsie,  N.Y.,  has  used  IBM  blade  servers 
for  about  a  year  to  run  distance-learning 
applications.  He  says  the  integrated  Cisco 
switch  will  reduce  management 
headaches  and  let  him  expand  his  use  of 
the  blades. 

“[The  Cisco  switch  module]  takes  up  less 
room  in  our  rack,  and  it  more  tightly  inte¬ 
grates  with  all  of  our  other  network  man¬ 
agement  tools.  And  there’s  less  cabling, 
fewer  things  to  break  and  fewer  things  to 


bu>(  he  says.  “We’re  going  to 
look  at  how  this  can  drive 
new  projects.  We ’re  starting  to 
consider  more  grid  projects, 
and  we’re  looking  at  Blade 
Center  as  being  a  key  com¬ 
ponent  of  that.” 

With  IBM  and  Cisco  inte 
grating  their  products,  his 
staff  no  longer  has  to  focus 
on  making  sure  the  technole 
gies  work  well  together,  Williams  says. 

“And  1  don’t  get  the  finger-pointing 
between  vendors,”  he  says.“They’re  telling 
me  these  things  are  going  to  work  togeth¬ 
er  before  they  even  arrive  at  my  shop.” 

Across  the  board,  systems  vendors  say 
they  will  continue  to  look  at  ways  to  better 
integrate  blades  into  storage  and  network 
architectures. 

Tejas  Vakil,  vice  president  of  marketing 
at  RLX  Technologies,  for  example,  says 
that  while  his  firm’s  management  soft¬ 
ware,  called  Control  Tower,  is  the  key  to 
integrating  the  blades  into  the  overall 


■  BY  LAURA  ROHDE 

IBM  and  Cisco  last  week  announced  that 
they  agreed  to  jointly  develop  and  sell  IP 
telephony  systems. 

As  part  of  the  agreement,  Cisco’s  voice, 
video  and  conference  products  will  be 
coupled  with  IBM’s  Global  Services  offer¬ 
ings,  the  companies  said  in  a  statement. 

Along  with  selling  the  IP  products  and 
services  through  its  Global  Services  con¬ 
tracts,  IBM  and  Cisco  also  will  offer  the  new 
and  current  products  to  independent  soft¬ 
ware  vendors  and  service  providers  that 
want  to  serve  as  channel  partners,  the  com¬ 
panies  said. 

The  current  Cisco  products  include  its 


data  center  infrastructure,  he  doesn’t  rule 
out  integrating  third-party  switches  into 
the  blade  chassis  as  IBM  has  done.  HP 
also  says  that  it  plans  blade  fabric  switch¬ 
ing  announcements. 

But  analysts  say  blades  still  face  some 
hurdles  when  it  comes  to  widespread 
adoption.  For  one  thing,  the  blades  are  still 
about  the  same  price  as  comparable  1U 
servers  and  must  be  bought  with  a  blade 
chassis.  Users  say  that  buying  multiple 
blades  is  where  real  savings  come  in. 

Vendors  must  continue  to  work  to  better 
integrate  the  blades  into  the  data  center, 


CallManager  call-processing  software,  Call- 
Manager  Express,  its  communication  ser¬ 
vices  Unity  and  Unity  Express,  Meeting- 
Place,  Personal  Assistant  and  its  IP  Contact 
Center.  Those  products  will  be  integrated 
with  IBM  products  such  as  Lotus  Domino 
unified  communications,  IBM’s  Informa¬ 
tion  Management  database  software  and 
Tivoli  systems  management  certification. 

IBM  will  offer  support  for  Cisco  Call- 
Manager  on  its  eServer  xSeries  x345  and 
x306  server  platforms,  and  on  two  new 
Cisco  media  convergence  servers,  the  MCS 
78151  and  the  MCS  78251,  based  on  IBM 
technology  the  companies  said. 

The  agreement,  for  which  financial 
details  were  not  disclosed,  builds  on  an 


analysts  say 

“[Symmetric  multi-pro¬ 
cessing]  blades  are  a  big 
strength.  So  are  multi-plat- 
form,  multi-operating  sys¬ 
tem  blade  offerings.  Cus¬ 
tomers  don’t  want  to  just 
consolidate  one  architec¬ 
ture  or  operating  system 
onto  blades,  they  are  look¬ 
ing  at  consolidating  multi¬ 
ple  operating  systems  into  the  blade  form 
factor,”  says  Sarang  Ghatpande,  lead  ana¬ 
lyst  for  industry-standard  computing  plat¬ 
forms  at  D.H.  Brown. “There  is  a  lot  of  inter¬ 
est  in  RISC/UNIX,  [Intel  Itanium]  and 
Opteron-based  blade  products  [running 
together]  in  a  single  chassis,  and  vendors 
addressing  this  would  have  a  much 
stronger  value  proposition  than  someone 
selling  only  a  single  type  of  blade  product 
within  a  chassis.” 

Another  issue  is  the  lack  of  standardiza¬ 
tion  among  blades  and  the  inability  to 
combine  blades  from  different  vendors. ■ 


existing  relationship  between  the  two  com¬ 
panies.  IBM  has  implemented  20,000  Cisco 
IP  telephones  since  first  installing  its  IP  tele¬ 
phony  at  IBM’s  Toronto  software  laboratory 
in  2001,  the  companies  said. 

Earlier  this  year,  Cisco  and  IBM  began  a 
collaboration  on  security  letting  customers 
authenticate  IBM-based  laptop  and  PC 
clients  on  Cisco-based  LAN  and  remote- 
access  infrastructures.  As  part  of  that  effort, 
the  companies  integrated  security  man¬ 
agement  products  such  as  IBM  Tivoli’s 
Identity  Manager  with  Cisco’s  Access 
Control  Server. 

Rohde  is  a  correspondent  with  the  IDG 
News  Service's  London  bureau. 
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NetVanta  1224STR 
The  functionality  of  five 
devices  for  the  price  of  one 


Introducing  the  NetVanta  1 224STR  from  ADTRAN. 
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Dare  to  Compare! 

NetVanta 

1224STR 

Managed,  24-Port 

Layer  2  Switch 

✓ 

Gigabit  Ethernet  Uplinks 

✓ 

IP  Access  Router 

✓ 

Stateful  Inspection  Firewall 

✓ 

DSU/CSU 

✓ 

QoS 

✓ 

VLAN  trunking 

✓ 

Command  Line  Interface  (CLI) 

✓ 

Intuitive  Web  GUI 

✓ 

ADTRAN  OS 

✓ 

Optional  Virtual  Private 
Networking 

✓ 

Optional  Dial  Backup 

✓ 

Optional  PBX  Connectivity 

✓ 

Unlimited  Telephone 

Technical  Support 

✓ 

Free  Firmware  Updates 

✓ 

5-Year  Warranty 

✓ 

Lower  the  cost  of  enterprise  connectivity  with  the  powerful  new 
NetVanta  1224STR.  This  full-function  WAN/LAN  access  platform 
does  the  work  of five  devices  for  the  price  of  one.  Suitable  for  networks 
of  any  size,  the  NetVanta  1224STR  offers  everything  you  need  to  bring 
a  branch  office  or  remote  location  online,  including  managed  Layer  2 
Ethernet  switching,  full-featured  IP  routing,  firewall  protection,  VPN, 
and  WAN  termination — all  in  a  compact  1U  chassis.  It  is  QoS,  VLAN, 
and  Gigabit  Ethernet  capable,  and  offers  affordable  dial  backup  and 
voice  options.  ADTRAN’s  new  NetVanta  1000  Series  of  Layer  2  Ethernet 
switches  is  backed  by  a  1 00%  satisfaction  guarantee,  including  unlimited 
technical  support,  free  firmware  upgrades,  and  a  5-year  warranty. 


Available  at  a  price  point  well  below  competing 
multi-box  solutions,  the  NetVanta  1224STR 
will  change  the  way  you  connect  remote  locations. 


Test  drive  a  NetVanta  1224STR  today! 
Win  a  free  baseball  cap! 

www.adtran.  com/info/cools  witch 


877.591.3055  Technical  Questions 
877.280.8416  Where  to  Buy 
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The  NetVanta  Series 


NetVanta  1000  Series 
Managed  Layer  2  Ethernet  Switches 


NetVanta  2000  Series 
Firewalls/VPN 


NetVanta  3000  Series 
IP  Routers 


The  Network  Access  Company 


L 
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Copyright© 2004  ADTRAN.  Inc.  All  rights  reserved.  ADTRAN  and  NetVanta  are  registered  trademarks  of  ADTRAN,  Inc.  EN7QAM2604NW 


Move  to  the  IP  beat  with  converged  voice  equipment  from  Sprint 

The  new  portfolio  of  Sprint  business  communications  systems  can  help 
put  your  business  in  the  IP  groove.  Fabulously  future-ready  and  totally 
customer-centric,  this  equipment  can  give  you,  your  management  and  even 
your  finance  team  reason  to  dance.  Contact  us  today  to  learn  more  and  to 
locate  a  Sprint  Authorized  Dealer  near  you. 


sprint.com/equipment 


Copyright  ©  Sprint  North  Supply  2004.  Sprint  and  the  diamond  logo  design  are  trademarks  of  Sprint  Communications  Company 
L.P.,  used  under  license.  All  other  trademarks  are  the  property  of  their  respective  owners. 
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■  WEB  SERVICES 


■  Microsoft  is  teaming  with  sys¬ 
tems  integration  and  consulting  firm 
BearingPoint  to  deliver  a  set  of 
software  and  services  packages 
aimed  at  national  and  local  govern¬ 
ments  worldwide.  The  companies 
last  week  said  they  plan  to  develop 
packages  in  the  areas  of  program 
management,  electronic-document 
filing,  e-government,  Web  services, 
national  security,  public  pension 
administration  and  independent  soft¬ 
ware  vendor  bundles  based  on 
Microsoft's  enterprise  software.  The 
partnership  is  not  Microsoft’s  first 
with  BearingPoint.  The  companies 
already  rolled  out  eFiling  for  Courts 
in  March  that  helps  courts  imple¬ 
ment  electronic  filing  systems,  and 
have  worked  on  putting  together 
packages  for  state  governments  in 
areas  such  as  transportation  and 
online  retirement  services.  Many  of 
the  new  packages  are  scheduled  to 
be  available  in  the  next  six  to  seven 
months.  Pricing  will  vary  according 
to  the  government  and  scope  of  the 
contract,  Microsoft  said. 

■  IBM  last  week  said  it  is  partnering 
with  four  companies  that  make  XML 

security  products  so  that  their 
products  will  work  easily  with  IBM’s 
Tivoli  Access  Manager  management 
software.  The  partnerships,  with 

Digital  Evolution,  Layer7, 
Reactivity  and  Vordel  will  simplify 
security  management,  letting  admin¬ 
istrators  manage  and  enforce  secu¬ 
rity  policies  for  XML  firewalls  using 
Access  Manager  and  help  compa¬ 
nies  that  are  deploying  a  service-ori¬ 
ented  architecture.  SOA  is  a  way  to 
build  an  interactive  and  extensible 
set  of  software  services  between 
customers,  partners  and  suppliers. 
IBM  said  Digital  Evolution’s 
Service  Manager  XML  and  Web 
services  management  and  security 
product.  Reactivity’s  XML 
Firewalls,  Vordel’s  Vordel- 
Secure  XML  gateway  and 
VordelDirector  XML  security 
server  and  Layer7’s  SecureSpan 
product  all  will  integrate  with 
Access  Manager,  IBM  said. 
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Wells  Fargo  unifies  portal  infrastructure 


■  BY  ANN  BEDNARZ 

The  wholesale  banking  division  of 
Wells  Fargo  had  so  much  success 
with  its  customer-focused  Internet 
efforts,  it  decided  to  replicate  the  infra¬ 
structure  internally 
“We  realized  we  should  be  doing  for 
ourselves  what  we’re  doing  for  our  cus¬ 
tomers,”  says  Danny  Reitz,  executive  vice 
president  of  wholesale  Internet  solu¬ 
tions  at  Wells  Fargo. 

The  San  Francisco  bank  employs 
144,000  people  and  handles  about  $400 
billion  in  assets.  Its  wholesale  banking 
division  includes  asset-based  lending, 
capital  markets  and  commercial  bank¬ 
ing,  for  example,  and  accounts  for  about 
20%  of  the  bank’s  $6  billion  net  income, 
according  to  Peltz.  His  group  develops 
Web-based  services  for  customers  and 
employees  involved  in  the  bank’s 
wholesale  business. 

Last  year,  the  division  decided  to  clean 
up  its  internal  systems  architecture. The 
main  issue  was  a  proliferation  of  Web 
applications  and  portals  put  up  by  dif¬ 
ferent  departments,  often  to  expose  one 
See  Wells  Fargo,  page  30 


Looking  to  reduce  the  proliferation  of  Web  applications  and  depart¬ 
mental  portals,  Wells  Fargo  created  a  master  portal  called  the 
internal  commercial  electronic  office  (iCEO)  that  would  let  the 
company’s  multiple  portals  and  users  more  easily  draw  on  shared 
corporate  resources. 


Netegrity 


A 


Netegrity 's  single  sign-on 
software  provides  secure 
access  to  applications. 


BEA 


The  portal  lets  business 
units  control  their  own 
content  and  access  rules 
while  end  users  retain 
easy  access  to  person¬ 
alized  content. 


Documentum  software  and  BEA  Web- 
Logic  Portal  software  provide  stan¬ 
dardized  content  management  and 
application-development  environments.  j"| 
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Start-up  adds  smarts  to  Web  services 


■  BY  JOHN  FONTANA 

Start-up  Infravio  plans  to  introduce  a  Web 
services  registry  next  month  that  will  let 
companies  and  their  partners  more  easily 
locate  and  use  Web  services,  control 
access  to  those  services  and  track  usage. 

The  company’s  X-Registry  is  an  asset 
management  repository  that  lets  compa¬ 
nies  catalog  Web  services  and  make  them 
available  to  various  end  users  as  part  of  a 
service-oriented  architecture  (SOA).  The 
registry  plays  on  an  idea  that  was  original¬ 
ly  a  cornerstone  for  Web  services  — 
Universal,  Description,  Discovery  Integra¬ 
tion  (UDDI).  The  UDD1  model  created  a 
sort  of  Yellow  Pages  for  advertising  and 
locating  Web  services. 

Infravio  intends  to  improve  on  UDDI  by 
expanding  who  can  extract  data  from  the 
registry  and  by  adding  an  application  that 


runs  against  the  registry  It  also  provides 
views  of  Web  services  based  on  user  roles 
and  services  for  authorization,  provision¬ 
ing,  support  and  management. The  registry 
also  integrates  with  two  other  Infravio 
tools:  X-Broker,  for  delivery  management 
and  security;  and  X-Console,  for  monitor¬ 
ing,  logging  and  alerts  that  integrates  with 
NetIQ’s  Application  Manager  console. 

“Infravio  is  trying  to  do  more  than  UDDI 
with  a  registry  that  allows  you  to  consoli¬ 
date  Web  services  metadata  into  a  master 
registry^’  says  James  Kobielus,  an  analyst 
with  Burton  Group. 

X-Registry  consolidates  data  from  UDDI 
and  Electronic  Business  XML  repositories 
and  makes  available  technical  data  about 
the  services,  such  as  what  formats  it  uses, 
and  business  information,  such  as  service- 
level  agreements  and  the  cost  for  using  the 
service.  Infravio  plans  to  develop  a  federat¬ 


ed  registry  model,  to  let  X-Registry  pull  in¬ 
formation  from  other  registries  in  real  time. 

Infravio  is  trying  to  carve  out  a  niche 
among  the  crowded  field  of  companies, 
including  HP  and  Computer  Associates, 
which  provide  Web  services  management 
tools.  Other  players  include  Actional, 
Amberpoint,  Blue  Titan,  Digital  Evolution, 
Flamenco,  Systinet  and  Westbridge. 

The  registry  also  supports  infravio’s 
Delivery  Contract  Model,  which  stipulates 
how  a  Web  service  is  delivered,  what  level 
of  security  is  needed,  what  data  needs  to 
be  transformed,  and  what  version  and 
quality-of-service  model  is  used. The  deliv¬ 
ery  contracts  are  enforced  through 
Infravio’s  X-broker. 

The  X-Registry  has  an  administration  con¬ 
sole  to  create  users,  manage  access  con¬ 
trols  and  user  roles  and  configure  delivery 
contract  terms.  Pricing  starts  at  $35,000.  ■ 


CONSIDER  YOUR  NATIONAL  RESERVATIONS  NETWORK.  Consider  the  dots  connected. 


Now  we  can  design,  deliver  and  manage  a  data  integration  system  that 
brings  it  all  together.  Converge  every  kind  of  business  network  -  dealers, 
brokers,  suppliers,  customers  -  across  platforms,  across  America.  All  on 
the  strong,  reliable  backbone  of  the  SBC  network.  To  connect  the  dots 
coast  to  coast,  talk  to  your  SBC  account  representative,  sbc.com/dots 
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Well  Fargo 

continued  from  page  27 


function  or  data  source,  without  any  reference  to  an  overall  enter¬ 
prise  architecture. 

The  wholesale  banking  division  set  out  to  create  a  master  por¬ 
tal  framework  that  would  let  multiple  applications  draw  on 
shared  resources  —  such  as  access  and  authentication  services 
—  and  minimize  duplicative  development  and  maintenance 
efforts.  Peltz  also  wanted  to  establish  a  common  interface  to  key 
customer  and  employee  applications. 

To  accomplish  this,  commercial  banking  division  decided  to 
pare  back  the  number  of  applications  it  was  running  and  build 
a  common  infrastructure  platform  with  BEA  Systems’WebLogic 
Portal  8.1  software,  Documentum  content  management  soft¬ 
ware  and  a  customized  version  of  Netegrity’s  single  sign-on 
software.  The  division  hatched  its  plan  last  summer  and 
deployed  a  pilot  project  in  December.  Today,  the  portal-based 
framework  is  up  and  running,  and  content-  and  application- 
rationalization  work  continues. 

The  wholesale  banking  division  modeled  its  internal  overhaul 
on  its  commercial  electronic  office  (CEO)  portal,  which 
launched  in  2000.  CEO  is  for  external  users:  About  75,000  users 
from  more  than  17,000  corporate  Wells  Fargo  clients  use  CEO  and 
its  35-plus  applications  and  services  to  view  account  information 
and  execute  money  transfers,  for  example. 

Promoting  growth 

Peltz  mirrored  the  CEO  setup  because  of  its  success:  The  finan¬ 
cial  services  portal  processed  almost  $6  trillion  in  electronic  pay¬ 
ments  in  2003  and  yielded  a  54%  gain  in  revenue  growth  through 
the  Internet  vs.  2002  figures,  Peltz  says. 

A  key  attribute  of  CEO  is  that  it  uses  common  infrastructure  ser¬ 
vices  while  letting  different  departments  maintain  control  of  cer¬ 
tain  distributed  processes,  Peltz  says.“If  you  try  to  fit  everybody  into 
a  single  framework,  it’s  just  not  going  to  work,” he  says.“You  want  to 
have  a  common  framework,  but  you  want  to  be  able  to  distribute 
out  control  as  much  as  possible.  Nobody  wants  to  be  told  what  to 
do. They  want  to  be  able  to  drive  their  business  as  they  see  fit.” 

At  the  same  time,  the  use  of  common  infrastructure  services 
frees  departments  from  dealing  with  technology  issues  such  as 
security  single  sign-on  and  content  management. 

Pfeltz  applied  the  same  philosophy  in  the  design  of  the  internal 
iteration  of  CEO,  called  iCEO,  which  provides  single  sign-on 
access  to  the  divisions’  applications.  Before  the  launch  of  iCEO, 
the  wholesale  banking  division  had  more  than  500  applications, 
Peltz  says.  Now  some  of  them  can  go  away  “Our  goal  is  to  signifi¬ 
cantly  rationalize  those  applications  and  render  them  within  this 
iCEO  portal  framework,”  Peltz  says. 

In  addition  to  reducing  application  maintenance  burdens, iCEO 
will  improve  data  quality.  Peltz  wants  to  consolidate  data  entry  in 
the  iCEO  portal  framework,  and  then  push  data  to  the  multiple 
systems  of  record  to  ensure  consistency  and  eliminate  the  need 
to  continually  re-key  data. 

Similarly  the  portal  will  push  specific  content  to  employees 
based  on  their  role  in  the  wholesale  banking  division,  and  let 
them  have  control  over  the  content  to  which  they  subscribe,  Peltz 
says.The  mass  blast  of  information  just  doesn’t  work,”  he  says. 

The  process  of  moving  content  to  a  single  content  manage¬ 
ment  system  already  is  triggering  some  maintenance  benefits: 
One  business  unit  reduced  the  number  of  Web  pages  it  main¬ 
tained  from  10,000  to  2,000  as  it  considered  which  content  was 
useful  and  which  was  obsolete,  Peltz  says. 

Down  the  road,  Peltz  plans  to  link  the  customer-facing  and 
internal  application  infrastructures,  which  today  are  alike  but 
disconnected. “CEO  and  iCEO  are  really  built  on  the  same  plat¬ 
form,  with  the  idea  of  connecting  the  two  over  time  and  utiliz¬ 
ing  technologies  such  as  a  [service-oriented  architecture]  and 
Web  services  so  that  we  can  build  once  and  deploy  to  either 
one  of  the  two  segments’’  Rsltz  says.  ■ 


Sygate’s  new  devices 
batten  down  net  endpoints 


■  BY  TIM  GREENE 

Sygate  this  week  is  announcing 
new  hardware  that  can  discover 
unauthorized  devices  on  net¬ 
works  and  check  known  devices 
periodically  to  ensure  they  are 
functioning  and  continue  to 
comply  with  security  policies. 

Called  Sygate  Magellan, the  new 
gear  consists  of  Sygate  Discovery 
Engine,  which  gathers  data  from 
devices  on  networks,  and  Sygate 
Correlator,  which  gathers,  stores 
and  analyzes  the  data  that  the 
Discovery  Engine  collects. 

Discovery  Engine  ascertains  any 
network-addressable  devices,  and 
Correlator  can  determine  wheth¬ 
er  they  meet  corporate  security 
policies.  The  data  can  be  export¬ 
ed  to  asset  management  systems 
made  by  other  vendors,  overarch¬ 
ing  network  management  sys¬ 
tems  and  vulnerability  scanners. 

With  existing  Sygate  products 
Sygate  Secure  Enterprise  (SSE) 
and  Sygate  On-Demand  (formerly 
Sygate  Security  Portal),  Magellan 
can  protect  networks  from  inter¬ 
nal  and  external  attacks  by  mak¬ 
ing  sure  computers  meet  security 
standards  before  being  granted 
access  to  corporate  networks. 
Sygate  calls  its  security  system 
Continuous  Protection. 

The  Sygate  line  lets  companies 
protect  corporate  networks  from 
potentially  infected  machines 


that  are  connected  to  the  LAN 
and  that  are  accessing  the  net¬ 
work  via  VPNs  or  Secure  Sockets 
Layer  (SSL)  remote  access,  says 
Chris  Christiansen, an  IDC  analyst. 

Continuous  Protection  will 
compete  with  security-compli¬ 
ance  gear  from  Internet  Security 
Systems,  InfoExpress  and  Prevent- 
sys,  and  individual  security  ven¬ 
dors  such  as  Check  Point  that  are 
adding  some  similar  features  to 
their  products,  Christiansen  says. 
Security  services  from  iPass  and 
GoRemote  Internet  Communica¬ 
tions  also  will  compete,  he  says. 

For  the  system  to  work,  end 
devices  need  Sygate  Security 
Agent  software  that  probes 
whether  the  host  machine  is  con¬ 
figured  properly  and  reports  back 
to  SSE  and  to  Magellan  devices. 
SSE  then  can  deny  access  and 
refer  the  machine  to  servers 
where  they  can  get  software 
updates  to  bring  them  into  com¬ 
pliance  with  corporate  policies 
using  the  Layer  2  authentication 
standard  802.1  lx.  Support  for 
802. lx  is  new  with  the  latest  SSE 
Version  4.0. 

The  new  software  also  adds  sup¬ 
port  for  Trusted  Computing 
Group  chips  that  store  security 
keys,  passwords  and  certificates 
on  many  IBM  and  HP  computers 
and  servers. 

Sygate  On-Demand  is  software 
that  can  scan  and  enforce  poli¬ 


cies  on  devices  that  access  cor¬ 
porate  networks  via  SSL  remote 
access  but  that  are  not  owned  by 
the  corporation. 

These  On-Demand  software 
agents  ensure  security  by  creat¬ 
ing  virtual  desktops  on  these 
devices  that  are  purged  when  the 
remote  session  ends  so  subse¬ 
quent  users  can’t  access  data 
retrieved  during  the  session. 

The  new  software  also  includes 
an  application  programming 
interface  that  partners  can 
include  in  their  SSL  gateway 
products  to  enforce  Sygate-con- 
trolled  policies. 

The  latest  version  of  On-De- 
mand  adds  support  for  custom 
rules  and  creation  of  rule  groups 
that  can  check  for  applications, 
operating  system  configuration 
and  patches  on  remote 
machines. 

SSE  Version  4.0,  On-Demand  2.0 
and  Magellan  are  scheduled  to 
be  available  next  month. 

Pricing  for  SSE  starts  at  $70  per 
machine  and  for  On-Demand  at 
$40  per  seat.  One  of  each  Magel¬ 
lan  1 .0  appliances  plus  a  manage¬ 
ment  GUI  costs  $80,000.  ■ 
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Gore  Security  unwraps  security-test  tool 


■  BY  ELLEN  MESSMER 

Core  Security  Technologies  this 
week  updated  Core  Impact,  its 
security  penetration-test  tool  for 
desktops  and  servers  that  lets 
customers  run  a  series  of  ex¬ 
ploits  to  determine  how  far  into 
corporate  resources  a  hacker 
could  burrow. 

Version  4.0,  which  runs  on 
Windows  2000,  XR  Linux,  Solaris 
and  OpenBSD,  presents  a  set  of 
exploits  that  authorized  mangers 
can  run  that  duplicate  hacker 
capabilities.  This  version  elimi¬ 
nates  the  need  to  manually  direct 
each  testing  step  and  automates 
the  cleanup  procedure  of  re¬ 
moving  files  and  back  doors  that 
get  installed  as  a  routine  part  of 
changing  machine  configuration. 

The  tool  can  import  information 


about  network  vulnerabilities  that 
are  discovered  by  commercial 
tools  such  as  Internet  Security 
Systems’  Scanner  and  freeware 
like  Nessus.  It  competes  with  free¬ 
ware  such  as  the  Metasploit 
Project  tools  for  penetration  test¬ 
ing  and  is  viewed  as  comple¬ 
mentary  to  vulnerability  assess¬ 
ment  tools,  which  can  identify 
network  holes  by  scanning. 

James  Cupps,  chief  information 
security  officer  at  global  paper 
manufacturer  Sappi,  says  he  has 
used  Core  Impact  for  a  number  of 
years  to  supplement  vulnerability- 
assessment  tools,  which  cover  a 
wide  range  of  possible  network 
and  application  holes  but  often 
generate  false  positives. 

“Core  Impact  is  more  accurate  if 
not  more  comprehensive  than 
vulnerability  assessment,"  Cupps 


says.  For  instance,  Nessus  might 
identify  a  few  thousand  possible 
weaknesses,  but  Core  Impact 
zeros  in  on  the  100  or  so  most  crit¬ 
ical  exploits. 

When  vulnerability-assessment 
tools  pick  up  a  weaknesses  in  any 
of  Sappi’s  2,000  desktops  or  600 
servers,  Cupps  checks  the  results 
with  Core  Impact  to  make  sure 
there  are  no  false  positives  and  to 
determine  how  deeply  hackers 
might  exploit  a  problem.  “I’ll  do 
this  on  a  quarterly  basis,  once  a 
week  for  each  subnet,  and  give 
the  results  to  a  systems  adminis¬ 
trator1  Cupps  says. 

Core  Impact  consolidates 
reporting  on  network  exploits  and 
presents  them  on  a  PC-based 
management  console. 

Core  Impact  4.0  starts  at  $2,500 
for  an  eight-server  license.  ■ 


A  server  engineered  to  deliver  on  both  sides 
of  the  price/performance  equation. 
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The  HP  ProLiant  DL380  G3  gives  you  true  high  performance  at  a  truly  affordable  price,  while  our  Intel®  Xeon™  processor- 

powered  HP  ProLiant  DL380  G3  server  certainly  offers  blazing  performance,  the  engineers  behind  it  would  challenge  you  to  rethink  the  definition  of 
performance  entirely.  Consider,  for  example,  what  happens  when  you  need  to  add  a  storage  device  to  a  typical  server— the  server  must  be  powered 
down,  and  your  productivity  drops  to  zero.  This  fact  led  us  to  design  hot-pluggable  technology  on  the  DL380  that  allows  you  to  swap  out  a  number  of 
key  server  components,  including  the  reliable  and  efficient  HP  DAT72h  tape  backup  solution  without  ever  interrupting  server  operation.  The  DL380  and 
DAT  72h  also  feature  space-saving  designs,  and  server  management  is  easy  yet  robust  thanks  to  our  ProLiant  Essentials  Software.  Demand  more  uptime 
and  more  real  performance  from  a  server.  And  demand  more  value,  from  HR 


HP  ProLiant  DL380 
G3  SERVER 


$3,018 

One  Intel®  Xeon™  processor  3.06GHz  with 
512KB  cache  (upgradable  to  2  x  3.20GHz) 

1GB  PC2100DDR  SDRAM  (12GB  maximum)’ 

Integrated  Lights-Out  (iLO) 
management  (standard) 

ServerWorks  GC-LE  Chipset 

Integrated  Smart  Array  5i  Plus  Controller 

Three  available  PCI-X  slots  (2  hot  pluggable) 

Two  NC7781  PCI-X  Gigabit  NICs  (embedded) 


Enhance  your  system. 


HP  STORAGEWORKS  DAT  72h 

HOT-PLUG  TAPE  DRIVE 

—  Industry-standard  DDS  technology 

—  Up  to  36GB  native  capacity  on  a  single 
tape,  72GB  at  2:1  compression* 

—  HP  StorageWorks  One-Button  Disaster 
Recovery  (OBDR)  restores  your  entire 
system  at  the  touch  of  a  button 

—  Up  to  3MB/s  native  data  transfer  rate, 
6MB/s  with  2:1  compression 

$1,349 

(after  $150  instant  savings) 


*HP  StorageWorks  DAT  72h  offer  good  through  5/31/04. 
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BUY  NOW 

Click  www.hp.com/go/proliantesg9 

Call  Toll  Free 

1-888-225-753 
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UFOs  and  flying  penguins 


The  Mexican  Air  Force  reported  in  the 
middle  of  the  month  that  one  of  its 
pilots  had  encountered  what  might 
have  been  UFOs  a  month  earlier  while  fly¬ 
ing  a  drug  surveillance  flight.  They  even 


released  a  film  showing  some  bouncing 
blobs  of  light.  UFO  fans  immediately  touted 
the  report  and  film  because  it  was  the  first 
time  a  major  government  had  formally 
released  such  a  film. 


r 


The  reason  the  world's  leading  companies 
rely  on  Equant  for  their  global  communications 


Your  business  communications  can't  be 
left  to  chance.  Fortunately,  there's  a 
provider  with  the  track  record  to  inspire 
your  confidence.  An  innovator  with  over  5  years 
experience  using  convergence-ready  MPLS 
technology  that  powers  business  solutions 
for  over  1100  companies.  A  provider  trusted 
by  the  world's  leading  companies. 

That  provider  is  Equant. 

Seamless.  And  that  trust  doesn't  stop  at 
any  border  -  because  Equant  is  everywhere. 
With  people  in  165  offices,  a  seamless  global 
network  that  covers  220  countries  and 
territories,  and  supported  locally  in  the  local 
language.  Our  customized  communication 
solutions  can  enable  your  key  business 
processes  wherever  you  want  to  do  business  - 
including  emerging  markets  like  India  and  China. 


Stable.  What's  more,  you  can  trust  us 
to  deliver  real  results  for  business  critical  needs. 
Solid  financials  and  steady  growth,  on  both 
client  list  and  balance  sheet.  But  don't  take 
our  word  for  it;  analysts  have  praised  Equant's 
solutions  for  global  businesses  for  years. 

Demonstrating  business  value.  And  that's 
how  we'll  earn  your  trust  -  by  understanding 
your  business  before  talking  technology. 

Our  approach  is  consultative,  not  hard-sell; 
our  people  build  relationships  by  demonstrating 
business  value  with  the  more  than  80  proven 
Equant  products  and  solutions.  We'd  like 
to  start  proving  ourselves  to  you  today. 

Go  to  the  link  below  and  see  why  Equant 
is  worthy  of  your  trust. 

uiuiui.equant.com/usa 


SeeEquantatMETAMorPhosis 

in  Chicago,  May  25th  27 
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Creating  answers  together. 


www.nwfusion.com 


A  few  days  later,  in  what  1  assume  was  a 
coincidence,  the  Alexis  de  Tocqueville 
Institution  released  the  latest  in  its  long- 
running  string  of  anti-open  source“reports.” 
(I  use  quotes  around  the  word  “reports” 
because  not  everyone  would  agree  that 
these  screeds  rise  to  the  level  of  logic  that 
would  be  required  by  even  a  high  school 
teacher  to  qualify  as  reports.) 

I’ve  written  before  about  the  institution  s 
views  on  open  source  (see  “Fighting  ter¬ 
rorism  with  obscurity’ see  www.nwfusion. 
com,  DocFinder:  2130).  I’m  still  not  quite 
sure  why  the  group  has  such  a  burr  under 
its  saddle  about  this  topic,  because  its 
mission,  according  to  its  Web  site,  is  to 
study  “the  spread  and  perfection  of 
democracy  around  the  world.”  About  half 
the  topics  listed  on  the  home  page  seem 
to  be  related  to  democracy,  or  at  least 
mention  the  term.  But  it  seems  a  stretch  to 
say  that  stories  about  how  Linux  will  col¬ 
lapse  because  of  software  patents  (www. 
adti.net/penguin.html),  how  govern¬ 
ments  can  save  money  using  IP  telepho¬ 
ny  (www.adti.net/voippressrelease.htm), 
or  how  outsourcing  (and  open  source) 
will  destroy  the  value  of  companies 
(www.adti.net/outop.htm)  relate  to  the 
spread  of  democracy. 

That  said,  I  don’t  think  it’s  a  bad  idea  for 
people  to  look  at  these  issues,  whatever  the 
cover  they  want  to  use  to  do  so.  But  I  do 
think  it’s  a  bad  idea  to  publish  what  looks 
like  a  paint-by-number  portrait  of  the  evils 
of  something  that  it  is  not  clear  you  under¬ 
stand,  and  to  do  so  without  offering  any 
specific  recommendations  of  alternatives. 

It  is  not  clear  who  prints  the  patterns  that 
the  Alexis  de  Tocqueville  Institution  so 
carefully  tries  to  color  within  the  lines. 
Microsoft  admits  to  funding  the  institution, 
but,  as  I  noted  the  last  time  I  wrote  about 
the  group,  it’s  hard  to  believe  Microsoft 
would  hire  people  who  drew  such  crude 
lines  to  fill  in.There  are  real  issues  hiding  in 
here  somewhere.  It  is  sad  that  the  institu¬ 
tion  does  not  do  a  better  job  of  exploring 
anything  but  the  anti-open  source  side. 

1  suppose  that  the  open  source/Linux 
community  should  take  the  institution’s  at¬ 
tention  as  a  positive  thing.  I  doubt  the 
group  would  make  the  effort  if  no  one 
were  using  this  software.  This  Ftenguin  (as 
the  institution  calls  Linux)  is  flying  high 
enough  and  fast  enough  that  maybe  the  in¬ 
stitution  mistook  it  for  a  UFO.  News  reports 
now  say  that  maybe  the  Mexican  pilots  just 
saw  ball  lightning  and  not  some  manifesta¬ 
tion  of  otherworldly  intelligence.  At  least 
for  now,  we  might  have  to  rely  on  the  Alexis 
de  Tocqueville  Institution  for  that. 

Disclaimer:  The  Harvard  Divinity  School, 
by  its  mission,  cannot  be  restricted  to 
worldly  thinking;  such  restrictions  are 
optional  at  the  other  schools.  But  the  dis¬ 
missal  of  such  efforts  in  this  column  is 
mine  alone. 

Bradner  is  a  consultant  with  Harvard 
University's  University  Information  Systems. 
He  can  be  reached  at  sob@sob.com. 
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In  an  extreme  world 
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10  gigabit  uplink  option 


Extreme  Networks  is  revolutionizing  the  networking  industry  with 
the  highest  performance  Layer  3  10/100/1000  fixed  configuration 
edge  switch,  with  the  industry’s  first  and  only  modular  10  gigabit 
uplink  option.  The  Summit  400,  designed  for  enterprise  networks 
deploying  gigabit  to  the  desktop,  enables  customers  to  fearlessly 
deploy  Gigabit  Ethernet  to  the  edge  today,  and  have  the  added  peace 
of  mind  that  they  can  fully  performance-enable  their  wiring  closet 
infrastructure  through  future  upgrades.  How's  that  for  a  switch? 


Contact  Extreme  Networks  at 
1.888.257.3000  or  visit  us  on  the  we:, 

www.extremenetworks.com/go/sum400.n:: 

©  2004  Extreme  Networks,  Inc  Ali  Rights  Feserved; 


Profiles  in  Business 


Every  business  is  a  team  of  individuals.  And  if  you  can  maximize  teamwork,  you’ll 


maximize  productivity— which  is  where  Nokia  comes  in.  Everything  we  make,  from 
advanced  messaging  devices  to  secure  mobile  connectivity  offerings,  is  engineered  to 

I 

the  power  to  work  faster  and  smarter.  The  payoff  can  be 


give  your  team 


immediate: 


better  decision-making, 


Torturous  Trevor  the  Technoholic 


The  Nokia  6820  Messenger 


Mr.  7  Have  Security  Issues' 


R.O.  Ida.  The  Chief 
Financial  Officer 


Working-from-Home  Walter 


Mobility:  Teamwork 

How  to  be  more  competitive,  more  productive,  and,  uh,  more  in  sync. 


improved  coordination,  faster  growth.  And  because  Nokia  Ibsbij 


Nokia  security  appliance 


supports  a  variety  of  access  methods  and  devices,  your  people  can  work  on  their 
own  terms  while  taking  care  of  business  demands.  Learn  more  today.  And  give  your 


team— and  your  business— the  advantage  of  more  mobility.  Anytime,  anywhere, 
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and  on  virtually  any  device. 

Nokia  One  Business  Sewer 


Learn  how  to  mobilize  your  team  and  increase  business 
productivity.  Download  “The  Anytime,  Anyplace 
World”  white  paper  at  »nokiaforbusiness.com 
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Gitrix  shifts  gears;  users  wary 


■  BY  JOHN  COX 

Citrix  Systems  customers  are  welcoming  the  most 
recent  release  of  the  company’s  software  prod¬ 
ucts,  but  generally  not  for  the  reasons  Citrix 
executives  would  like. 

The  company  has  been  working  to  create  a  new 
market  for  its  flagship  MetaFrame  Presentation  Server, 
a  program  that  displays  applications  on  an  array  of 
computing  devices  while  the  applications  run  on 
server  farms  under  Windows  Terminal  Services. 
Presentation  Server  is  now  one  part  of  a  package  of 
four  separate  products,  called  the  MetaFrame  Access 
Suite. The  idea  is  to  use  the  suite  to  create  a  set  of 
client/server  programs  that  let  end  users  connect 
to  their  applications  from  any  device,  over  any 
network.  Citrix  calls  this  an  “access  management 
infrastructure.” 

Last  fall,  Citrix  launched  a  $14  million  advertising 
campaign  to  promote  its  new  message.  In  April,  it 
shipped  the  latest  release,  3.0,  of  both  its  core 
Presentation  Server  and  the  Access  Suite,  which  also 
includes  applications  for  working  collaboratively  on 
documents  and  applications,  a  secure  Web  portal  and 
a  single  sign-on  capability. 

The  user  view 

But  judging  from  some  customers’  comments,  sys¬ 
tems  integrators  and  analysts,  Citrix  is  going  to  have 
to  spend  a  lot  more  to  get  that  message  to  sink  in.  For 
these  people,  Release  3.0  is  simply  a  way  to  improve 
traditional  Citrix  deployments. 

“We’re  finalizing  our  testing  on  the  new  features  in 
[Presentation  Server]  3.0, and  were  very  excited  by 
the  performance  improvements  and  other  enhance¬ 
ments,”  says  long-time  Citrix  customer  J.B.  Dunn,  man¬ 
ager  of  desktop  technology  for  Roadway  Express,  a 
transportation  services  company  in  Akron,  Ohio. 

fc  Citrix  desperately  wants  to  move 
beyond  being  a  one-trick  pony. '9 9 

Brian  Madden 

Independent  technology  analyst 

Several  enhancements  promise  to  boost 
MetaFrame’s  performance  with  multimedia  and 
Web  content  over  wide-area  links,  a  critical  issue  for 
this  company  that  has  more  than  6,000  users,  most 
on  thin-client  Wyse  Windows  terminals,  in  nearly 
400  offices.The  terminals  access  a  suite  of  PC  appli¬ 
cations  loaded  on  a  MetaFrame-controlled  server 
farm  running  Windows  2000  Server. “This  is  critically 
important  to  us,”  Dunn  says.“We  serve  everything  over 
the  WAN.  We  have  to  have  performance  that  can  run 
our  business.” 

The  original  reasons  for  this  deployment  are  famil¬ 
iar:  centralize  desktop  applications  on  servers  to 
reduce  support  costs,  and  improve  performance 


Moving  on 

Citrix  may  be  trying  to  focus  beyond  server- 

based  application  delivery  to  the  desktop, 

but  the  company  has  a  number  of  challenges 

to  achieving  its  goals. 

Strategies: _ 

•  Create  customer  demand  for  server  software  to 
manage  client  access  to  applications. 

•  Focus  on  its  biggest  accounts  in  the  Fortune  500. 

•  Refocus  and  equip  channel  partners  for  “access 
management”  message. 

Challenges; _ 

•  Customers  typically  buy  Citrix  for  desktop 
replacement  and  server-based  computing  cost 
savings. 

•Traditional  customer  relationships  are  at  lower 
levels  of  enterprise  IT  groups. 

•  Software  suite  is  four  separate  programs,  only 
partially  integrated  at  this  stage. 


over  the  WAN  when  accessing  Unix  and  mainframe 
line-of-business  applications. These  kinds  of  benefits 
have  let  Citrix  build  a  $600-million-per-year  business, 
counting  among  its  client  list  most  of  the  Fortune 
500. These  benefits  are  still  the  main  drivers  for 
many  Citrix  customers.  The  “access  management 
infrastructure”  for  now  is  an  idea  whose  time  has 
not  come. 

“We  want  to  understand  more  fully  the  evolution  of 
the  products  they’re  bringing  to  market  and  under¬ 
stand  how  they  fit  into  our  plans  for  this  computing 
model,”  Dunn  says. 

One-trick  pony? 

“Citrix  desperately  wants  to  move  beyond  being  a 
‘one-trick  pony’”  says  Brian  Madden,  an  independent 
technology  analyst  who’s  written  three  books  on 
Citrix  and  server-based  computing.  His  Web  site, 
www.brianmadden.com,  is  a  hive  of  Citrix  news  and 
rumors  on  Citrix  and  server-based  computing. 

“Their  solution  is  that  ‘We  supply  the  infrastructure 
for  your  users  to  access  applications,”’ Madden  says. 
“This  is  not  something  customers  were  asking  for.” 

Citrix  integrators  say  they  are  incorporating  the  con¬ 
cept  of  access  management  into  their  traditional 
focus  on  lowering  IT  costs. “I  think  it’s  understandable 
and  totally  logical  to  have  an  access  infrastructure 
story  and  strategy"  says  Marc  Mangus,  national  direc¬ 
tor  of  technology,  for  Vector  ESP  a  leading  Citrix  inte¬ 
grator  in  Houston. “But  there’s  a  lot  of  [customer]  edu¬ 
cation  involved.  And  Citrix  knows  this.” 

Vector  typically  emphasizes  the  cost  savings  that 
Citrix  can  realize  for  big  companies.  One  Vector  cus¬ 
tomer  is  ABM  Industries,  a  $2.1  billion  facilities  man¬ 


agement  service.  ABM  replaced  70%  of  4,000  PCs 
with  thin  clients,  hosting  its  new  J.D.  Edwards’  ERP 
software  on  a  server  farm  running  MetaFrame 
Presentation  Server.  ABM  CTO  Anthony  Lackey  has 
said  his  company  saved  at  least  $10  million  in  five 
years  as  a  result,  not  counting  so-called  soft  savings 
in  higher  employee  productivity  and  reduced 
downtime. 

“Today  we  say  to  a  CIO, ‘We’re  going  to  show  you 
how  to  drive  costs  out  of  IT  using  an  access  infra¬ 
structure,”  Mangus  says.“It  dovetails  nicely  with  what 
Citrix  is  telling  customers.” 

Wireless  is  the  key 

But  the  best  example  of  Citrix’s  access  message 
might  be  found  in  the  issues  related  to  deploying 
applications  over  the  next-generation  of  high-perfor¬ 
mance  cellular  networks. 

Mobile  and  remote  users  have  to  connect  over  vari¬ 
ous  types  of  wireless  networks.  Somehow  they  have 
to  have  technical  support  for  the  different  types  of 
end-user  devices,  applications  and  operating  systems 
they  use.  And  immediate  access  to  line-of-business 
applications  and  corporate  data  can  pay  huge  divi¬ 
dends. 

Cellular  networks  are  expanding  in  breadth  and 
bandwidth,  with  expansion  of  Code  Division  Multiple 
Access,  CDMA  2000  lx-EVDO  and  GSM,  says  Paul 
Giobbi,  president  of  Zumasys.a  Citrix  integrator  in 
Lake  Forest,  Calif.,  that  specializes  in  wireless  applica¬ 
tions  for  small  and  midsize  businesses.  Rates  are 
about  $80  per  month  for  unlimited  data,  he  says,  and 
he  expects  that  to  drop  in  coming  months  to  $50. 

At  the  same  time,  Citrix  is  optimized  for  low-band- 
width  connections,  needing  only  20K  bit/sec  for  a 
good  performance,  the  company  says.  In  the  new 
release,  Citrix  has  added  clever  techniques  to  create  a 
smooth,  fast  user  interaction  even  when  cellular  sig¬ 
nals  are  weak.  An  auto-reconnect  feature  lets  a  user 
keep  working  until  a  new  connection  is  forged  and 
the  application  can  “catch  up.” 

“To  the  user,  the  connection  seems  flawless.  It’s  pret¬ 
ty  compelling,”  Giobbi  says. 

One  Zumasys  user  is  Continental  Lab  Products 
(CLP),  a  San  Diego  supplier  of  lab  equipment  and 
supplies  to  life  sciences  companies.  It  deployed 
MetaFrame  Presentation  Server  at  headquarters  and 
the  Citrix  client  on  laptops  issued  to  its  sales  repre¬ 
sentatives,  giving  them  for  the  first  time  direct,  wire¬ 
less  access  to  CLP’s  ERP  system,  Microsoft  Outlook 
and  a  centralized  lead  generation  and  contacts  data¬ 
base, says  Paul  Cranford,  a  CLP  vice  president. 

Data  accuracy  has  improved,  support  calls  are  fewer 
because  the  laptops  now  have  a  single,  and  simpler, 
configuration.  In  March,  also  via  MetaFrame,  CLP 
began  making  order  and  shipment  confirmations 
available  to  sales  representatives,  who  can  access  the 
data  from  a  customer  site  and  show  customers  their 
order  status.  Eventually,  CLP  will  set  up  Web-based 
access  via  the  Citrix  products. 

“Our  sales  reps  know  they  can  get  any  customer 
information  on  demand,”  Cranford  says.  ■ 
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If  iPass  can  deliver  secure,  reliable  connections 
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Performance  means 
many  things  for  ISPs 


■  BY  CAROLYN  DUFFY  MARSAN 

When  it  comes  to  IP  network 
performance,  service  providers 
agree  that  there  are  three  key 
metrics:  availability,  latency  and 
packet  loss.  For  corporate  buy¬ 
ers,  the  good  news  is  that  top- 
tier  ISPs  are  guaranteeing  better 
performance  on  all  three  mea¬ 
surements  in  their  service-level 
agreements. 

“We  review  the  numbers  we 
guarantee  in  our  SLAs  once  a 
year  to  ensure  that  they’re  cur¬ 
rent,”  says  Kevin  Phillips,  direc¬ 
tor  of  packet  operations  for 
Sprint.“Take  packet  loss.  If  we’ve 
met  our  objectives  for  the 
whole  year  and  it  looks  like  we 
could  do  better ...  we  will  pass  that  along 
to  our  customers  in  terms  of  more  aggres¬ 
sive  goals.” 

ISPs  use  many  metrics  to  track  their  IP 
networks,  and  these  metrics  can  be  confus¬ 
ing  to  buyers  of  Internet  services.  In  the  first 


part  of  this  two-part  series,  we 
looked  at  various  statistics  ISPs 
use  to  measure  the  size  and 
reach  of  their  IP  networks.  In 
this  part,  we’ll  look  at  the  net¬ 
work  performance  statistics 
that  are  used  most  commonly 
in  corporate  SLAs. 

Most  ISPs  outperform  the 
statistics  that  they  promise  in 
their  SLAs.  For  example, 
Sprint  promised  99.8%  net¬ 
work  availability  in  its  SLAs  in 
2003,  but  the  carrier  says  its 
actual  availability  averaged 
closer  to  99.999%  at  the  core 
of  its  network. 

“We’re  pretty  good  at  protect¬ 
ing  customers  from  core  net¬ 
work  problems,”  Phillips  says. 
“It’s  the  last  mile  that  often  causes  cus¬ 
tomers  problems.” 

It’s  obvious  why  network  availability  mat¬ 
ters.  ISPs  can  talk  about  the  amount  of 
bandwidth  they  have  or  the  reach  of  their 

See  ISPs,  page  40 


Takes 


■  The  DSL  Forum  last  week  released  a  document  defining  specifications  for 
asynchronous  DSL  equipment  and  service  interoperability.  Called  Technical 
Report-067,  the  document  specifies  ADSL  bit-rate  and  distance  requirements  that 
reflect  the  recent  improvements  in  ADSL  modem  performance,  which  are  now 
capable  of  3M  bit/sec  and  higher  speeds.  TR-067  defines  a  consistent  testing  and 
reporting  environment  to  help  ensure  reliable  test  results,  the  forum  says.  The  DSL 
Forum  was  established  in  1994  and  has  about  200  service  provider  and  equipment 
manufacturer  members. 

■  As  expected,  remote-access  service  provider  Gric  Communications  officially 
changed  its  name  last  week  to  GoRemote  Internet  Communications.  The  ser 

vice  provider  also  announced  a  new  version  of  its  client  software,  enhancements  to 
its  Mobile  Office  and  Branch  Office  services,  and  a  new  service-level  agreement 
for  the  latter  service.  The  client  has  a  new  look  and  lets  users  display  it  as  a  toolbar 
anywhere  on  their  screens.  The  client  presents  all  connectivity  options,  automati¬ 
cally  detects  VPN  software  running  on  a  laptop  and  incorporates  that  client  infor¬ 
mation  into  the  user's  profile.  Mobile  Office  users  now  can  connect  to  the  Internet 
via  general  packet  radio  service  mobile  networks  in  addition  to  DSL,  dial-up  and  Wi¬ 
Fi  services.  Branch  Office  VPN  customers  now  have  a  tool  available  that  displays 
real-time  network  performance  information  and  a  new  SLA.  The  service  provider's 
24-page  SLA  lays  out  12  guarantees  ranging  from  end-to-end  network  availability  to 
jitter  to  on-time  installations. 


Vendors  angle  for  edge 
in  multiservice  market 


Hammerhead  and  Alcatel 
add  to  recent  product  flurry. 

■  BY  JIM  DUFFY 

An  established  vendor  and  start-up 
each  unveiled  multiservice  routing  and 
switching  products  and  enhancements 
last  week  for  a  market  that  has  become 
white  hot. 

Start-up  Hammerhead  Systems  intro¬ 
duced  an  edge  switch  that  is  designed  to 
migrate  service  providers  from  legacy 
Layer  2  services,  such  as  ATM  and  frame 
relay,  to  newer  Layer  2  and  Layer  3  ser¬ 
vices, such  as  Ethernet  and  Multi-protocol 
Label  Switching  (MPLS)  VPNs. 

Meanwhile,  Alcatel  rolled  out  hardware 
and  software  enhancements  to  its  7670 
Routing  Switch  Platform  (RSP)  intended 
to  add  support  for  Ethernet  and  boost  ser¬ 
vice  performance  and  flexibility 

The  Alcatel  and  Hammerhead  offerings 
are  the  latest  in  a  flurry  of  multiservice 
edge  announcements  from  incumbent 
vendors  and  start-ups.  Two  weeks  ago, 
Nortel  unveiled  its  latest  edge  product,  the 
MPE  9000  multiservice  router;  Lucent  is 
expected  to  roll  out  the  next-generation 
CBX  3500  next  month;  and  Cisco,  Juniper 


At  your  multiservice 

Features  of  Hammerhead’s  HSX 

6000  edge  switch: 

■  Bandwidth  pooling  for  making  use 
of  stranded  system  resources. 

■  Distributed  Service  Interworking 
Engine,  for  enabling  introduction  of 
new  Ethernet-based  services  to 
existing  frame  relay  and  ATM 
revenue  streams. 

■  Dual  Control 
Plane  with 
Bridge  and 
Roll,  for 
enabling 
interoper¬ 
ability  between 
and  migration 
from  ATM  to 
MPLS  cores. 


and  Laurel  Networks  have  all  added  or 
enhanced  multiservice  edge  routers  in 
the  past  few  months. 

Also,  Ciena  acquired  Layer  2  multiser¬ 
vice  edge  switch  start-up  WaveSmith 
Networks  a  year  ago  after  WaveSmith 
landed  a  DSL  aggregation  deal  with  SBC. 

But  Hammerhead’s  HSX  6000,  which 
compares  most  closely  with  WaveSmith’s 
2-year-old  DN  switches,  might  present  a 
twist  to  the  plot.  The  switch  includes  two 
features  analysts  say  are  differentiators  in 
the  multiservice  edge  arena. 

The  first  is  called  bandwidth  pooling. 
This  capability  lets  carriers  free  system 
capacity  from  underutilized  forwarding 
cards. They  can  add  processing  resources 
and  capacity  to  other  physical  interfaces 
or  services  on  an  as-needed  basis. 
Hammerhead  says. 

Another  innovation  is  a  dual  control 
plane  with  “bridge  and  roll”  capabilities. 
The  HSX  6000  supports  ATM  and  MPLS 
control  planes  —  instead  of  one  or  the 
other  —  and  carriers  can  execute  a 
“graceful  cutover”  of  circuits  from  legacy 
ATM  cores  to  MPLS  backbones,  or  bridge 
and  roll. 

“This  design  is  definitely  unique  from 
other  next-generation  Layer  2  switches 
that  we’ve  seen,”  says  Mark  Bieberich,  an 
analyst  at  The  Yankee  Group. 

Hammerhead  benefits  “a  little  bit  from 
the  fact  that  they  are  a  couple  years  later,” 
says  Joe  McGarvey,  an  analyst  with 
Current  AnalysisTThey  have  a  better  read 
on  what  carriers  want.” 

At  the  same  time,  though,  Ciena’s 
WaveSmith  offering  already  is  deployed 
by  SBC  and  Verizon,  McGarvey  notes. 
Other  challenges  facing  the  small, 
unproven  Hammerhead  is  lining  up  a 
partnership  with  a  large,  financially  stable 
vendor  already  entrenched  in  carrier  net¬ 
works.  Hammerhead  is  said  to  be  partner¬ 
ing  with  Fujitsu  in  a  non-exclusive 
arrangement,  but  observers  say  the 
company  needs  something  tighter. 

The  HSX  6000  might  attract  such 
an  arrangement.  In  addition  to  the 
pooling  and  bridge  and  roll  features, 
the  switch  scales  from  30G  to  120G 
bit/sec  full  duplex,  while  squeezing 
into  one-quarter  of  a  telco  equip 
ment  rack. 

Interface  support  ranges  from  T-l 
to  OC-192c/10G  bit/sec  Etherne 

See  Multiservice,  paJi  ?  i 
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North  American  'Net  traffic 
continues  to  rise 

ISPs  have  many  metrics  to  describe  how 
they’re  doing  moving  it. 
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networks,  but  what  really  matters  is 
whether  the  network  is  up  and  available. 

Top-tier  ISPs  promise  anywhere  from 
99.5%  to  99.99%  backbone  availability  in 
SLAs,  according  to  Forrester  Research.This 
number  is  an  average  over  the  course  of  a 
month  and  doesn’t  cover  the  end  user’s  site 
availability  unless  the  customer  is  buying 
an  end-to-end  managed  service. 

“Availability  shows:  Is  the  network  up  or  is 
it  down?  Do  you  have  access  to  it?  That’s  a 
number  that  we  [guarantee]  in  our  SLAs, 
and  the  customer  can  measure,”  says  Fred 
Briggs,  president  of  operations  and  tech¬ 
nology  at  MCI. 

Brownlee  Thomas,  a  principal  analyst 
with  Forrester,  recommends  paying  close 
attention  to  the  availability  guarantees  in 
SLAs.  Customers  typically  must  have  an 
outage  that  lasts  for  a  certain  period  of 
time  —  such  as  an  hour  —  before  reme¬ 
dies  kick  in.  Some  SLAs  do  not  cover  a  sit¬ 
uation  where  you  have  several  59-minute 
outages  in  a  given  30-day  period. 

“I  always  ask  for  a  cumulative  report  of 
any  outages  that  lasted  more  than  10  or  15 
minutes  over  a  30-day  period,”  Thomas 
says.’The  key  is  to  have  a  remediation  plan 
so  that  if  I  have  cumulative  outages  ...  we 
will  have  a  verbal  conversation  to  see  what 
[the  ISP]  is  doing  about  it.” 

Another  key  metric  is  packet  loss,  which 
is  an  indicator  of  network  congestion. 
Packet  loss  measures  the  number  of  pack¬ 
ets  that  were  unsuccessfully  transmitted 
and  had  to  be  resent.  SLAs  might  promise 
0.2%  or  0.3%  packet  loss,  but  the  perfor¬ 


mance  that  many  ISPs  actually  see 
on  their  networks  is  closer  to  0.03% 
or  0.04%. 

“We  guaranteed  0.3%  for  2003, 
but  we’ve  improved  that  to  0.1%  for 
2004,”  Phillips  says.  “What  cus¬ 
tomers  see  could  differ  depending 
on  geography’ 

A  third  key  measure  is  latency, 
which  shows  the  time  delay  that  a 
customer  will  experience  while  a 
packet  travels  from  its  origin  point  to 
its  destination  and  back.  ISPs  guar¬ 
antee  different  latency  numbers  in 
the  U.S.  vs.  other  parts  of  the  world 
because  these  statistics  often 
depend  on  local  access  providers. 

Typically  latency  SLAs  are  about  45 
millisec  to  65  millisec  in  North 
America,  according  to  Forrester.  However, 
they  can  be  double  or  triple  that  for  trans- 
Atiantic  or  trans-Pacific  traffic. 

Thomas  recommends  buyers  ask  ISPs  to 
provide  latency  statistics  for  the  locations 
they  need,  not  average  numbers  across 
the  entire  network.  She  recommends  buy¬ 
ers  ask  ISPs  to  provide  three  to  six 
months’  worth  of  network  performance 
data  for  five  or  10  city  pairs  where  they 
have  major  locations. 

“Latency  matters  between  my  sites,  not 
across  the  world.  And  it  matters  at  my 
peak  business  times,  not  365  days  a  year. 
It’s  really  easy  for  the  ISPs  to  make  their 
SLAs,”  which  are  often  based  on  overall 
network  averages, Thomas  adds. 

Other  performance  metrics  to  consider 
are  jitter  and  packet  order,  which  are 
increasingly  important  for  emerging  appli¬ 
cations  such  as  voice  and  video  over  IP 


Jitter  is  a  metric  that  is  designed  to  mea¬ 
sure  the  quality  of  the  IP  connection. 
Another  key  metric  for  VoIP  applications  is 
called  “out  of  order,”  which  measures 
whether  packets  get  across  the  Internet  in 
the  right  order. 

“You  won’t  see  anyone  publishing  stats 
on  out  of  order,  but  it’s  actually  more  signif¬ 
icant  forVoIP  than  latency  says  Craig  Uthe, 
IP  network  product  management  director 
for  AT&T.  “What  if  the  words  I’m  speaking 
came  out  of  order?  That  affects  you  more 
than  if  the  words  took  an  extra  second  to 
get  to  you.” 

Also  important  are  measurements  ISPs 
use  to  track  the  quality  of  their  customer 
service.  Much  as  manufacturers  measure 
defects  per  million  parts,  ISPs  measure  the 
meantime  to  respond  to  customer  prob¬ 
lems  and  the  meantime  to  restore  service. 

“The  mean  time  to  respond  is  how 


quickly  I  get  back  toyou.lt  doesn’t 
mean  the  problem  is  fixed,” 
Thomas  says.  “The  meantime  to 
restore  means  you  might  be  on 
backup.  It’s  the  meantime  to  repair 
that  means  it’s  fixed.” 

Sprint  measures  what  it  calls 
chronics  and  repeats,  which  occur 
when  a  customer  has  the  same 
problem  two  or  three  times  in  the 
past  30  or  40  days.  Sprint  doesn’t 
make  promises  in  its  SLAs  about 
chronics  and  repeats,  but  the  ISP  is 
trying  to  be  more  proactive  by 
addressing  these  kinds  of  prob¬ 
lems  in  its  trouble-ticketing  system. 

“I  have  thresholds  set  in  my  sys¬ 
tems  . . .  and  alarms  based  on  those 
thresholds,”  Phillips  says.“We  know 
that  a  problem  has  happened,  but  the  ques¬ 
tion  is  can  we  prevent  it  happening  a 
fourth  or  fifth  time.  We  need  to  get  to  the 
root  cause.” 

While  numbers  that  measure  IP  network 
performance  and  size  are  worth  noting, 
corporate  purchasing  decisions  are  likely 
to  emphasize  softer  issues  such  as  avail¬ 
able  services,  features  and  price. 

Jack  Pond, CIO  for  Montgomery  County  in 
Pennsylvania,  recently  replaced  an  aging 
FDD1  network  with  a  high-speed  IP  back¬ 
bone  to  carry  the  county  government’s  data 
and  voice  traffic.  He  chose  AT&T  as  his  ISP 

“AT&T  provided  us  the  lowest-cost  solu¬ 
tion,”  Pond  says.  “We  expect  to  have  $3.7 
million  in  savings  over  five  years  coming 
primarily  from  reduced  voice  costs. ...  On 
the  data  side,  we’re  pretty  much  spending 
the  same  amount  we  used  to  but  for  22 
times  more  bandwidth.”® 
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EYE  ON  THE 
CARRIERS 

Johna  Till 
Johnson 


Good  scientists  learn  to  question 
assumptions.  Every  so  often,  some 
thing  you  accept  as  axiomatic  turns 
out  not  to  be  true. So  hold  on  to  your  hats, 
because  I’m  about  to  question  three 
of  the  most  cherished  assumptions  in 
networking. 

First,  that  voice  is  the  single  most  mis¬ 
sion-critical  application.  Don’t  count  on  it. 
An  IT  executive  recently  told  me  that  in 
his  organization,  e-mail  is  more  critical.  In 
a  recent  benchmark  of  IT  executives, 
e-mail  was  rated  as  by  far  the  most  mis¬ 
sion-critical  application,  with  50%  rating  it 
critical,  far  ahead  of  VoIP  and  call  centers 
(rated  critical  by  only  8.3%). 

IT  executives  are  telling  us  explicitly  that 
their  companies  are  increasingly  running 
on  e-mail.  Says  the  network  manager  at  a 
major  law  firm:  “The  attorneys  get  what  it 
means  for  e-mail  to  be  down.  Most  of  our 
senior  partners  charge  $1,000  an  hour, 
and  we  have  500  of  them.  So  we  lose  $5 
million  if  we  [have]  an  hour  of  [email] 
downtime.” 

Obviously,  both  voice  and  email  are  crit¬ 
ical  (you  can’t  imagine  those  lawyers  hap¬ 
pily  tolerating  phone  outages  any  more 
than  they  tolerate  email  outages).  But  the 
news  here  is  that  IT  executives  are  increas¬ 
ingly  finding  email  at  least  as  important 


Voice  and  data:  Three  big  myths 


as  voice  —  which  upends  the  “voice  is 
most  important”  argument. 

The  second  questionable  assumption  is 
that  voice  systems  are  inherently  engi¬ 
neered  to  greater  reliability  than  data  net- 
works.Wrong  again. 

While  the  notion  that  the  Internet  was 
designed  to  withstand  nuclear  war  is 
something  of  an  urban  legend,  the  distrib¬ 
uted,  probabilistic  nature  of  the  ’Net  is 
inherently  better  at  routing  around  failed 
nodes  than  the  top-down,  deterministic 
nature  of  the  telephony  network.  Want 
proof?  1  was  in  Manhattan  on  Sept.  11, 
2001. Though  both  the  landline  and  cellu¬ 
lar  voice  networks  failed,  1  was  able  to 
send  and  receive  e-mail  and  instant  mes¬ 
sages  throughout  the  morning. 

Which  brings  me  to  the  third  assump¬ 
tion:  that  the  lack  of  availability  of  E-911 
capabilities  is  a  serious  and  unsolved 
problem  that’s  rightfully  holding  back 
deployment  of  IP  telephony.  The  error 
here  was  recently  pointed  out  to  me  by 
the  CTO  of  a  major  equipment  manufac¬ 
turer,  who  noted:“Every  building  1  go  into 
has  a  big  red  fire  extinguisher  on  the 
wall.  Employees  are  trained  to  run  for 
that  fire  extinguisher  whenever  there’s  a 
fire.  Why  not  install  a  big  red  [public 
switched  telephone  network]  phone  in 
every  room  that’s  just  for  91 1  calls  —  and 
not  worry  about  providing  it  via  IP 
telephony?” 

Well,  duh.  All  these  years  we’ve  been 
assuming  that  911  had  to  be  a  built-in 
capability  of  the  telephony  system,  which 
had  to  be  able  to  provide  the  physical 


location  of  end  users.  That  assumption 
worked  fine  when  phones  were  tied  to 
physical  locations,  but  that’s  no  longer  the 
case.  Instead  of  trying  to  retrofit  newer 
technologies  to  outdated  assumptions, 
why  not  require  the  physical  location, 
such  as  the  building  or  facility,  to  provide 
9 1 1  services? 


Multiservice 

continued  from  page  39 

offering  frame  relay,  ATM,  point-to-point 
protocol,  packet-over-SONET  and,  obvi¬ 
ously,  Ethernet  services. 

The  switch  also  offers  1  -to- 1  hot  redun¬ 
dancy  of  switch  fabric  and  controllers, 
with  hitless  switchovers  and  hitless  soft¬ 
ware  upgrades,  Hammerhead  says. 

A  redundant,  30G  bit/sec  full-duplex  HSX 
6000  system  costs  less  than  $100,000,  Ham¬ 
merhead  says.  The  switch  and  its  manage¬ 
ment  system,  which  is  called  Pegador,  are 
available  now. 

Alcatel’s  latest  multiservice  offering  in¬ 
cludes  Release  2.2  of  the  7670  RSP’s  soft¬ 
ware.  The  software  includes  RFC  2547 
MPLS  VPNs  that  can  use  Alcatel’s  ACEIS 
Non-Stop  Routing  technology;  Ethernet 
Virtual  Leased  Line  service  over  MPLS; 
and  Ethernet  to  FR/ATM  Service  Inter¬ 
working  over  MPLS. 

MPLS  service  resiliency  is  further  aug¬ 
mented  with  Label  Switch  Path  “modify 
without  break,”  a  capability  to  increase 
an  LSP’s  bandwidth  without  disrupting 
service. 


The  bottom  line  is  always  question 
assumptions  —  especially  those  about 
which  you’re  surest. 

Johnson  is  president  and  chief  research 
officer  at  Nemertes  Research,  an  indepen¬ 
dent  technology  research  firm.  She  can  be 
reached  at  johna@nemertes.com. 


New  hardware  for  the  7670  includes  the 
Channelized  Multi-Rate  48  Line  Card 
(MR48),  which  supports  2.4G  bit/sec  of 
wire-rate  IRMPLS  and  ATM  forwarding.The 
card  also  supports  concurrent  routing 
and  signaling  protocols  for  1P/MPLS  and 
ATM  Private  Network  to  Network  Interface 
on  the  same  port,  Alcatel  says. 

The  MR48  is  software  configurable  to 
enable  any  service  on  any  port  using  any 
protocol,  the  company  says.  Alcatel  did 
not  release  pricing  information.  ■ 


More  online! 


Want  to  learn  more  about  MPLS?  Tune  into  our  IT 
Briefing  Webcast.  You'll  get  expert  insight  from  Edge 
Managing  Editor  Jim  Duffy. 
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In  the  very  near  future... 

you’ll  be  able  to  see  your 

very  near  future.  [LOOK  AHEAD  JUNE  14] 
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Only  Avocent  delivers  a  field-proven,  all-in-one  KVM  over  IP  solution 
for  securely  managing  all  of  your  servers.  With  Avocent,  no  server  or 
serial  device  is  too  remote. 


offices 


motely  manage 

your  branch 


Let  us  help  you  navigate  the  rough  waters  of  managing  data  centers  and  branch  offices. 

Avoid  costly  on-site  service  calls  to  your  branch  offices  with  Avocent  KVM  over  IP  switching. 

Our  new  DSR™1021  switch  combines  patented  KVM  over  IP  technology  with  an  external  modem  and 
power  control  for  a  complete  branch  office  solution.  Now  you  can  manage  your  branch  offices  from 
any  location  you  choose. 

Troubleshoot,  reboot  or  even  power  cycle  servers  or  serial  devices,  wherever  they  are,  from  wherever 
you  are.  DSView*  management  software  delivers  CLICK  AND  CONNECT™  control  so  you  can 
manage  your  remote  offices  with  the  same  interface  you  use  to  manage  your  data  center. 

Don't  be  led  off  course.  Download  your  copy  of  the  Definitive  KVM  over  IP  Buyer's  Guide  at 
www.avocent.com/reality  or  call  1-866-286-2368. 


Avocent 


Avocent,  the  Avocent  logo,  DSR,  DSView,  CLICK  AND  CONNECT  and  The  Power  of  Being  There  are  trademarks  or  registered  trademarks  of  Avocent  Corporation.  Copyright  €32004  Avocent  Corporation 


The  Power  of  Being  There* 


Storage  is  a  hot  spot 
for  your  company. 
Volume,  management, 
cost  and  accessibility 
are  all  burning  issues. 
How  will  your  storage 
strategy  handle  the 
heat?  New  data  center 
technologies  such  as 
information  life-cycle 
management,  pay-as- 
you-go  capacity  and 
virtualization  could 
determine  the  outcome 


COMPANIES  THAT 
THOUGHT  THEY 
COULDN’T  AFFORD  SAP 
RUN  SAP 
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Rethinking  networked  IT 

In  the  overheated  world  of  enterprise  storage,  the 
decisions  you  make  today  on  new  data  center 
technologies  will  determine  if  your  storage  strat¬ 
egy  will  shine  or  melt.  In  this,  the  third  in  a  six-part 
series,  we  spotlight  storage  technolo¬ 
gies  like  life-cycle  management,  pay-as- 
you-go  capacity  (see  story  at  right)  and 
virtualization, 
among  others. 
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_  ;  options  are  electrifying  companies 
by  making  cost  management  and  capacity 
planning  far  easier  than  with  previous  on- 
demand  plans. 
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Pay-as-you-go  storage  options  are 
electrifying  companies  by  making  cost  man 
agement  and  capacity  planning  far  easier 
than  with  previous  on-demand  plans. 


■  BY  DENI  CONNOR 


ne  of  the  hallmarks  of  the  new  data  center  is  flexibility  moving 
away  from  the  confines  of  dedicated, paid-for, but  nearly  always 
underutilized  or  unused,  resources.  When  it  comes  to  storage, 


that  flexibility  means  tapping  into  capacity  on  an  automated,  on-demand, 


pay-as-you-go  basis. 

While  enterprise  users 
have  long  entered  into  cre¬ 
ative  licensing  agreements 
with  vendors  to  reduce 
their  capital  outlay  for  stor¬ 
age,  these  latest  pay-as-you- 
go,  or  metered,  plans  are 
another  breed  altogether. 

For  the  first  time,  storage 
actually  can  be  purchased  as  a  utility 

Metered  storage  plans,  introduced  in  the  past 
year,  have  advantages  over  capacity-on-demand 
programs.  Cost  management  is  one,  and  easier 
capacity  planning  another. 

With  metered  storage,  a  company  buys  software 
or  a  server  that  collects  information  on  the  stor¬ 
age  capacity  being  consumed  on  the  array.  The 
software  then  automatically  transmits  this  data  to 
the  vendor’s  financial  services  department  for 
billing.  In  this  model,  storage  arrays  often  come 
configured  with  the  amount  of  capacity  a  com¬ 
pany  estimates  it  will  need,  plus  extra  idle  capac¬ 
ity  A  user  can  grab  as  little  or  as  much  capacity  as 
needed  and  only  pay  for  the  amount  used  per 
instance. 

With  capacity-on-demand,  users  buy  a  storage 
array  with  the  extra  capacity,  and  access  this 
capacity  in  pre-negotiated  chunks  of  data.  They 
pay  for  all  this  data  whether  they  use  it  or  not. 

St.  Vincent  Hospital  &  Health  Services,  a  health¬ 


care  provider  in  Indianapolis,  is 
using  metered  storage  for  its 
StorageTek  L700e  tape  library 
We  are  buying  tape  slots 
only  as  we  need  them 
because  they  are  hein¬ 
ously  expensive,”  says 
Rich  Banta,  senior  enter¬ 
prise  systems  engineer  at 
the  company 

Banta  says  he  only  pays  for  the 
40%  capacity  on  the  tape  library  being  used, 
while  getting  an  additional  60%  to  draw  from 
when  he  needs  it.Turning  on  the  latent  tape  slots 
is  simply  a  matter  of  getting  a  license  key  from 
StorageTek,  Banta  says. 

Like  StorageTek, EMC,  HP  and  Sun  offer  metered 
storage  options.  EMCs  metered  offering  comes 
through  its  OpenScale  automated  billing  feature, 
which  was  introduced  in  1999  and  revamped 
with  automatic  usage  collection  and  billing  last 
year.  OpenScale  is  available  on  a  range  of  EMC 
products  —  the  high-end  Symmetrix,  midrange 
Clariion,  Centera  nearline  storage  and  for 
Connectrix  Fibre  Channel  switches,  and  with 
value-added  software  products  including  the 
Symmetrix  Remote  Data  Facility  and  TimeFinder. 

Research  firm  Enterprise  Storage  Group  esti¬ 
mates  that  30%  of  customers  use  some  sort  of  pro¬ 
curement  program.  One  of  those  is  Deloitte 
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utility]  just  makes 
sense.  Ali  it  takes 
to  expand  the  / 
capacity  is  a  phone 
call,  a  licensing  key 
\  or  just  using  it. 


—  David  Bratt,  manager  of  technology 
infrastructure,  H.  Lee  Moffitt  Cancer  Center 


Consulting,  which  uses  a  Symmetrix  8830  loaded  with  80T  bytes  of  data. 
Storage-on-demand  "takes  some  of  the  guessing  out  of  our  acquisition  of 
storage,” says  Erik  Ericksen.CTO  for  the  Philadelphia  firm. 

From  HPmetered  storage  is  available  on  the  high-end  XP  and  midrange 
StorageWorks  Enterprise  Virtual  Array  (EVA). The  program,  called  pay  per 
use,  is  designed  for  volatile  environments  where  demand  spikes  require 
considerable  capacity  but  only  for  limited  time  periods,  HP  says.  A  soft¬ 
ware-based  utility  meter  tracks  usage  and  lets  customers  pay  only  for 
actual  consumption. The  meter  looks  at  how  many  gigabytes  have  been 
allocated  in  a  week  or  month  and  averages  usage  on  a  monthly  basis,  let¬ 
ting  retailers  and  other  businesses  with  seasonal  spikes,  for  example, 
adjust  the  amount  of  storage  used. 

A  pay-per-forecast  feature  lets  customers  vary  their  payments  up  and 
down  to  align  with  planned  demand  and  revenue,  says  Nick  van  der 
Zweep,  director  of  virtualization  and  utility  computing  for  HP 

On  metered  storage,  Sun  offers  the  Utility  Computing  Infrastructure 
Procurement  Service.  This  combines  Sun  UltraSPARC  III  processors, 
StorEdge  storage  and  the  Solaris  operating  environment.  In  this  model,  a 
customer’s  storage  is  monitored  using  Sun  NetConnect  software,  and 
billing  is  automatically  generated. 

Among  major  systems  vendors,  IBM  is  unconvinced  that  a  metered 
option  is  necessary  “Once  people  write  data,  they  don’t  know  how  to  get 
rid  of  it,”  says  John  Power,  program-marketing  manager  for  enterprise  disk 
at  IBM. “There  are  requirements  for  these  peaks  in  capacity,  but  customers 
aren’t  yet  saying  they  want  to  buy  it  by  the  hour  or  buy  it  by  the  glass.”Power 
notes,  however,  that  IBM  is  fine-tuning  buy-it-by-the-hour  constructs  and  a 
pricing  scheme  should  its  customers  start  requesting  a  metered  option. 

Capacity  on  demand 

While  it  has  stayed  away  from  a  formal  metered  offering  so  far,  IBM  is  no 
stranger  to  the  concept  of  making  storage  capacity  available  to  users  on 
demand.  It  has  been  offering  Standby  Capacity  On  Demand  for  its 
Enterprise  Storage  Server  (also  called  Shark)  and  FAStT  arrays  for  two  years. 

Power  describes  how  IBM’s  program  works:  A  user  orders  a  lOT-byte 
Shark,  or  FAStT,  taking  deliver}'  of  a  system  that  has  up  to  20%  extra  capac¬ 
ity  built-in.The  user  can  activate  the  unused  capacity  at  any  time. While  the 
user  doesn’t  immediately  have  to  notify  IBM,  it  has  agreed  contractually 
that  an  invoice  will  be  issued  for  that  capacity  based  on  a  pre-set  price. 

Other  vendors  follow  the  same  basic  model,  although  each  has  a  differ¬ 
ent  way  of  administering  its  or.-demand  storage  plan. Through  HP’s  5-year- 
old  Instant  Capacity  on  Demand  (ICOD)  program,  for  example,  enterprise 
users  can  buy  a  high-end  XP  array  or  a  StorageWorks  EVA  with  a  certain 
amount  of  storage  in  it.  HP  then  builds  additional  storage  capacity  into  the 
array  that,  when  allocated,  triggers  billing. 

“Instant  Capacity  on  Demand  started  out  as  you  turn  it  on,  you  bought  it; 
turn  it  off,  you  bought  it,”  van  der  Zweep  says. 

Although  less  flexible  and  automatic  than  metered  offerings,  capacity-on- 
demand  programs  are  still  attractive  to  enterprise  users.  “When  you  meed 
that  extra  amount  of  storage  or  processing  power,  it  literally  takes  a  phone 
call  and  license  key  rather  than  waiting  weeks  to  get  the  hardware  in  place,” 
says  David  Bratt,  manager  of  technology  infrastructure  at  H.  Lee  Moffitt 
Cancer  Center,  in  Tampa,  Fla., speaking  of  IBM’s  capacity-on-demand  plan. 

The  cancer  center  recently  bought  an  IBM  pSeries  670  server  with  a 
capacity-on-demand  option  that  lets  Bratt  enable  memory  and  CPUs  with 
a  license  key  “With  AIX  5.2,  I  can  dynamically  assign  more  processing 
power  to  a  p670  partition  during  business  hours,  and  after  business  hours 
I  can  have  more  processing  go  to  another  partition,”  he  says. 

Capacity-on-demand  storage  generally  appeals  to  two  camps  of  users, 
says  Mark  Lewis, executive  vice  president  of  open  software  at  EMC.The  first 
group  comprises  those  who  want  to  control  their  own  storage  but  don’t 
have  the  expertise  in-house,  while  in  the  second  camp  are  those  who  want 
to  expense  their  assets  rather  than  capitalize  them.  (When  using  capacity- 
on-demand,  a  user  can  capitalize  or  expense  the  capacity  being  used.) 

The  right  approach? 

The  choice  of  metered  or  capacity-on-demand  depends  in  large  part  on 
whether  a  company  wants  to  buy  or  lease  its  storage,  vendors  say.That  deci¬ 
sion  can  vary  within  an  IT  shop. 

At  St.  Vincent,  for  example,  Banta  uses  a  pay-as-you-go  scheme  for 
tape  resources,  but  pays  for  disk  storage  outright.  He  sums  up  the  com¬ 
pany’s  disk-buying  philosophy:  “We  capitalize  expenses  rather  than 
expensing  storage. When  we  need  more  storage,  we  just  buy  it.  For  disk, 
we  think  we  take  better  advantage  of  Moore’s  Law  by  buying  in  bulk 

See  Utility,  page  7 
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No  other  storage  products  offer  the  intelligence  and  integration,  in  as  cost-effective  a  solution 

•  Sophisticated  system  diagnostic  capability  including  LPSM  Monitor,  LOS  Detect,  CRC  Error,  Line  Code  Violation 

•  Robust  signal  integrity  with  low  intrinsic  jitter  and  high  jitter  tolerance 

•  High  performance  scalable  1GHz  dual  processor 

•  High  density  18-port  and  4-port  architecture 

•  Simple  device  configuration  and  design  flexibility  decrease  time-to-market 

•  Ideal  for  RAID,  JBOD,  MBOD,  SBOD,  Storage  Gateway  and  FC  Switch  Director  applications 
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rather  than  incrementally” 

HP’s  van  der  Zweep  puts  the  money  decision  in  context. “A  customer  has 
two  different  kinds  of  money:  capital  and  expense.  If  it  has  capital  dollars, 
it  likes  to  buy  things  and  capitalize  them  over  three  to  five  years,”  making 
capacity-on-demand  plans  such  as  HP’s  ICOD  attractive.  Capacity-on- 
demand  doesn’t  work  as  well  for  a  company  that  uses  expense  dollars 
because  it  would  have  to  modify  its  equipment  lease  every  time  it  turned 
capacity  on,  he  explains. 

As  a  storage  buyer,  Bratt  says  choosing  between  the  two  depends  on 
price.“You  have  to  decide  if  it  makes  business  sense  to  defer  that  cost  out 
or  to  go  ahead  and  capitalize  it,”  he  says. 

Brian  Babineau,  an  analyst  for  Enterprise  Storage  Group,  agrees.  Users 
typically  think  of  these  licensing  programs  only  for  high-end  storage,  not 
for  their  midrange  IBM  FAStT,  EMC  Clariion  or  HP  StorageWorks  systems. 
That  assertion  is  wrong,  he  says. 

Because  most  leasing  programs  are  priced  based  on  capacity  used, 
Babineau  says  that  as  disk  drive  sizes  increase,  midrange  storage  like  the 
Clariion  becomes  a  more  likely  candidate  for  capacity-on-demand, 
metered  and  even  managed  storage  services. 

While  on-demand  storage  no  doubt  provides  welcome  flexibility,  enter¬ 
prise  users  need  to  be  aware  of  the  downsides.  Randy  Kerns,  senior  part¬ 
ner  for  research  firm  Evaluator  Group,  worries  that  such  schemes  could 
put  users  at  a  disadvantage  on  pricing  and  technology. 

“The  customer  is  paying  the  price  of  the  storage  at  the  initial  purchase, 
whereas  storage  declines  in  price  about  40%  per  year,  so  it  isn’t  getting  the 
right  economies,”  he  says.“Plus,  [it  could  miss  out  on]  advantages  of  tech¬ 
nology  as  [arrays  and  drives]  get  faster  and  smaller.” 

No  doubt,  on-demand  storage 
isn’t  yet  perfect.  But  clearly  stor¬ 
age  as  a  utility  is  the  way  of  the 
future.  As  the  Moffitt  Cancer 
Center’s  Bratt  says:  “It  just  makes 
sense.  All  it  takes  to  expand  the 
capacity  is  a  phone  call,  a 
license  key  or  just  using  it.”  ■ 
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Storage  utility  programs 

Carving  out  storage  capacity  as  part  of  the  new  data  center  could 
mean  buying  capacity  on  demand  —  in  one  of  two  ways  —  or  using 
a  managed  storage  service.  Here  are  some  options: 


Company 

Storage 

choice 

Platform  support 

EMC 

OpenScale  automated 
billing  program 

Symmetrix,  Clarion,  Centera, 
Symmetrix  Remote  Data  Facility 

Hitachi  Data 
Systems 

On-demand  and  managed 
services  are  available  on 
a  case-by-case  basis 

Lightning, Thunder 

HP 

Instant  Capacity  on 

Demand  program 

XP  Series,  Enterprise  Virtual  Array 

Pay  per  use 

XP  Series,  Enterprise  Virtual  Array 

Managed  capacity  service 

XP  Series,  Enterprise  Virtual  Array 

IBM 

Managed  storage  service 

Enterprise  Storage  Server,  FAStT 

Outsourcing 

Enterprise  Storage  Server,  FAStT 

Standby  Capacity  on 
Demand  program 

Enterprise  Storage  Server,  FAStT 

StorageTek 

Disk  and  Volume  Services 

All  disk  products 

Pay-as-you-go  metered 
program 

All  tape  products 

Sun 

Pay-for-use  utility  services 

StorEdge 

Managed  storage  services 

StorEdge 

Xiotech 
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Don’t  overlook  audio  clips,  Word  documents 
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Unstructured 


■  BY  JENNIFER  MEARS 


Jjjjfk  t  Genesys  Health  System,  CIO  Dave  Holland  thought  he  had  his  storage  prob- 
lems  licked.  He  would  ditch  cumbersome,  costly  departmental  storage  in 
jM W  "'HIl  favor  of  a  next-generation  enterprise  architecture  that  would  give  him  a 

big-picture  view  while  using  storage  resources  more  wisely  Information  life-cycle  man¬ 


agement  (ILM)  tools,  for  moving  data  from  one  storage  tier  to  the  next  based  on  business 


value,  featured  prominently  in  his  plan.  He  envisioned  a  day  when  all  company  data 
would  move  automatically  based  on  certain  “enterprise  parameters,”  from  a  high-end  EMC 
Symmetrix  system  to  midlevel  storage  such  as  IBM’s  FAStT  system  and  then  to  optical  disk 
for  the  long  term. 

While  the  plan  worked  well  for  database-resident,  structured  data,  Holland  soon  realized  that  it  failed  to  account  for 
the  unstructured  files  critical  to  daily  operations  at  the  Flint,  Mich. .company These  included  electronic  patient  charts, 
and  digital  images  such  as  X-rays  and  MRIs.“When  we  got  started  with  this  whole  project,  we  really  didn’t  think  of 
unstructured  data.  We  really  didn’t  understand  its  value,”  Holland  says. 

Spending  time  with  physicians  as  they  did  their  work  brought  the  issue  into  focus."!  realized  how  much  they  looked 
at  paper  and  how  driven  they  were  by  those  paper  documents,”  he  says,  referring  to  the  patient  charts  that  are  then 
scanned  and  turned  into  electronic  files.“l  also  realized  how  impossible  it  would  be  for  me  to  convert  all  that  data  from 
unstructured  content  to  structured  content  in  order  to  make  it  available.  So  I  said, ‘I’ve  got  to  figure  out  a  way  to  deal 
with  unstructured  data  today  because  it’s  how  they  work,  and  I  can’t  ignore  that.’  ” 

From  content  to  storage  management 

Corporations  everywhere  are  finding  that  unstructured  content  —  data  that  traditionally  has  been 
managed  by  content  managers,  not  the  storage  administrator  —  is  ballooning. Today  about  80% 
of  a  company’s  content  is  unstructured  —  such  as  Word  documents,  PDFs,  spreadsheets,  digi¬ 
tal  images  and  audio  clips,  Enterprise  Storage  Group  says.  New  federal  regulations  that  mandate 
better  access  to  corporate  data  are  forcing  the  storage  management  issue. 

“Content  management  systems  employ  databases  to  sort  and  order,  provide  access  control, 
and  search  files,  PowerPoints,  documents,  PDFs,  whatever  is  in  that  system.  But  as  you  begin 
to  get  into  issues  of  compliance,  you  need  to  think  about  things  in  a  life-cycle  manner]’ 

William  Hurley,  a  senior  analyst  at  the  Enterprise  Application  Group,  says. 

Geoffrey  Bock,  a  senior  consultant  with  Patricia  Seybold  Group,  agrees.  “As  long  as 
enterprise  content  management  [ECM]  systems  were  departmental  in  nature  and  were 
not  necessarily  concerned  about  maintaining  the  corporate  memory  of  a  company 
for  many  years  to  come, storage  was  not  really  an  issue, ”he  says.“Now  that  we’re  build¬ 
ing  [enterprise]  content  repositories,  which  are  multiple  terabytes  in  capacity,  and 
now  that  we  have  to  organize  and  store  this  content  in  a  meaningful  way  storage 
is  becoming  more  of  an  issue.” 

At  Genesys,  Holland  is  looking  at  an  IBM  software  combination  to  integrate 
ECM  and  ILM.  It  already  used  IBM’s  DB2  Content  Manager  ECM  system  to 
provide  physicians  access  to  electronic  patient  data  24  hours 
a  day  and  is  deploying  Tivoli  Storage  Manager  for  ILM.  By 

linking  the  two,  Holland  expects  unstructured  content 
will  be  moved  and  managed  within  the  storage  system 

See  Unstructured,  page  10 
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y\|jhen  we  got  started  with 
this  [ILM]  project,  we  really 
didnst  think  of  unstructured 
data.  We  really  didn*|||  || 
understand  its  value. 


—  Daue  Holland,  CIO,  Genesys  Health  System 
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Introducing  InfraStruXure 
High  Density  Configuration 

The  InfraStruXure"  High  Density  Configuration 

is  a  patent-pending  hot  aisle  containment  system 
that  cools  up  to  20kW  of  blade  servers  in 
a  single  enclosure 


The  InfraStruXure  High  Density 
Configuration  is  ideal  for: 


With  its  modular,  scalable  and  open  building  blocks,  it's  no 

wonder  InfraStruXure 's  rack-based  architecture  is  winning  over 
editors  and  end-users  alike  -  especially  as  blade  servers  and 
server  consolidation  cause  power  densities  to  skyrocket. 

If  you're  not  already  dealing  with  such  high  power  densities, 
the  chances  are  you  will  be  soon.  An  on-demand  architecture 
for  NCPI*,  InfraStruXure™  includes  power,  cooling,  racks  and 
physical  structure,  security  and  fire  protection,  cabling,  and  the 
management  and  servicing  of  these  elements.  It  is  specifically 
designed  to  meet  ever-changing  IT  requirements  through 
scalable,  modular  and  standardized  components. 

For  high  density  applications,  the  InfraStruXure  High  Density 
Configuration  is  a  patent-pending  hot  aisle  containment  system 
that  cools  up  to  20kW  in  a  single  enclosure. 

Flexible  enough  to  be  moved  or  changed  without  system 
reconfiguration,  the  InfraStruXure  High  Density  Configuration 
can  also  be  scaled  to  meet  changing  needs  and  future 
expansion.  This  makes  it  a  perfect  solution  for  converted 
spaces,  as  well  as  high-density  areas. 


" More  computing  power,  but  with  more  heat... 
presents  a  serious  problem  for  companies  unprepared  to  meet  the 

cooling  demands  of  a  data  center 
APC  plays  the  hero 
with  a  three-component 
environmental  system." 


•  Disaster  Recovery  Sites 

•  Blade  Server  Applications 

•  Converted  Spaces 


The  InfraStruXure “ 
Build-Out  Tool  lets 
you  design  and 
specify  InfraStruXure 
solutions  using 
a  Web-based 
configurator. 


Oliver  Rist,  Senior  Contributing  Editor; 
Brian  Chee,  Industry  Expert 
InfoWorld,  3/12/2004 


To  learn  more  about  InfraStruXure,  call  1-888-ISX-2990  today  or  visit  us  at  www.apc.com. 

*  Network-critical  Physical  Infrastructure  (NCPI)  is  the  foundation  upon  which  IT  and  telecommunication  networks  reside. 
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continued  from  page  8 

along  with  the  typical  structured  data. 

But  integrating  ECM  and  1LM  within  the 
new  data  center  might  be  hard.With  depar¬ 
tmental  content  management  systems,  IT 
executives  might  be  contending  with  a  vari¬ 


ety  of  disparate  content  repositories.  Also, 
first  ECM  implementations  tend  to  be 
messy,  Bock  says.  “They  first  need  to 
straighten  out  that  mess  and  then  figure  out 
what  their  storage  architecture  is,”  he  says. 

Rising  to  the  challenge 

Users  can  soon  expect  help  from  vendors 


on  the  integration  challenge.  For  instance, 
ECM  vendor  Documentum  (now  part  of 
EMC),  in  March  announced  its  acquisition 
of  Xerox’s  askOnce  business  unit.  This 
gained  it  technology  for  building  a  virtual 
repository  across  sources  such  as  other 
content  management  systems,  enterprise 
applications  and  search  engines. 


Up  To  Code”  isn’t  the  same  as 
“Maximum  Protection” 


At  DuPont,  we’ve  built  our  reputation  on  protecting  what’s  most  important. 
From  Kevlar*  bullet-resistant  materials,  to  Nomex®  fire-resistant  fabrics, 
DuPont  creates  the  materials  that  protect  what  matters  most. 

In  a  fire,  plenum  rated  data  communications  cables  can  be  one  of  the  largest 
sources  of  smoke,  causing  95%  of  IT  system  damage.  Limited  Combustible 
Cable  made  with  DuPont  "  Teflon®  provides  the  highest  level  of  fire  and  smoke 
protection  available.  Specify  Limited  Combustible  Cable  made  with  DuPont  " 
Teflon®  because  “Up  to  Code”  isn’t  the  same  as  “Maximum  Protection.” 

To  find  out  more,  or  to  locate  Limited  Combustible  Cable  manufacturers, 
visit  Teflon.com/CablingMaterials. 
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“So  now  we  can  federate  non-Documen- 
tum  repositories  as  well  as  our  own  reposi¬ 
tories,  which  means  we  can  include  things 
like  Lotus  Notes,  FileNet  and  OpenText.into 
our  federation  and  search  across  them, 
workflow  across  them  and  manage  them,” 
says  Dave  De Walt,  Documentum  president. 

By  integrating  Documentum  with  EMC 
storage,  the  content  repository  becomes 
aware  of  its  storage  options,  DeWalt  adds. 
“We  have  the  ability  now  to  tag  information 
in  our  repository  and  tell  that  information 
where  to  store  it,  how  long  to  store  it,  when 
to  destroy  it,  when  to  archive  it,  when  to 
compress  it  and  what  to  do  to  it,”  he  says. 

That’s  functionality  about  which  business- 
to-business  office  supply  firm  Corporate 
Express  is  particularly  pleased.  As  a  long¬ 
time  customer  of  both  vendors,  Corporate 
Express  is  working  with  EMC  and  Docu¬ 
mentum  to  implement  a  better,  more  cost- 
effective  way  to  store  unstructured  content, 
says  Wayne  Aiello,  vice  president  of  eBusi¬ 
ness  Services  at  the  Broomfield,  Colo.,  firm. 

Corporate  Express  uses  the  Documentum 
software  to  manage  about  22  million  cus¬ 
tomer  invoices  and  reports,  mostly  unstruc¬ 
tured  PDF  and  XML  files.  It  is  seeing  rapid 
growth  in  the  amount  of  unstructured  data 
within  the  company.  Aiello  attributes  that 
growth  in  large  part  to  the  company’s  use 
of  Documentum  to  store  those  XML  files 
and  HTML  and  other  Web  content. 

“Today  we  store  quite  a  bit  of  data  in  what 
I  would  call  fairly  expensive  storage.  We 
basically  treat  a  lot  of  our  data  as  produc¬ 
tion-level  qualityAnd  then  we  take  very  old 
data  and  archive  it  off.  We  want  to  get  a 
more  intelligent  approach,  have  a  more 
tiered  approach  to  that, ’’Aiello  says.'Tt  s  very 
effective  from  a  business  perspective  be¬ 
cause  the  data  is  very  accessible  for  quite  a 
long  period  of  time.  But  from  a  cost  per¬ 
spective,  we  stand  to  save  quite  a  bit  if  we 
can  learn  to  better  archive  it  and  put  it  on 
to  the  proper  storage  mechanism  depend¬ 
ing  on  the  need.  To  do  that  without  some 
sort  of  content  management  software  like 
Documentum  would  be  very  difficult.” 

Bob  Terdeman,  vice  president  and  chief 
information  architect  at  Rogers  Commu¬ 
nications,  feels  the  same  about  the  ECM- 
storage  integration  project  he’s  undertaken 
at  the  Toronto  company  There,  he  says, 
more  than  80%  of  the  data  is  unstructured. 

“[By  integrating  content  management 
and  storage  tools] ,  you’ll  see  a  huge  level¬ 
ing  in  the  growth  of  high-speed  storage  that 
we’ve  been  using  for  traditional  require¬ 
ments,”  he  says.  “A  great  example  is  the 
number  of  documents,  whether  Fbwer- 
Fbints  or  Word,  that  are  now  sitting  on  con¬ 
ventional  storage,  that  really  belong  in  con¬ 
tent-addressable  storage.  It  could  free  up 
huge  quantities  of  storage  that  could  be 
returned  to  mission-critical  use.”B 

More  online! 

More  online!  A  list  of 
EMC/storage  vendor 
partnerships,  plus  a  look 
at  integration. 
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Four  experts  contrast  new  data  center 
approaches  against  traditional  methods  for 
solving  tough  business  problems. 


ILM:  When  a  Web 
site  can’t  afford 
to  go  down 

Lee  Abrahamson,  practice  director 
of  SAN  solutions  and  advanced 
technology,  CNT 


■  BY  JULIE  BORT 

ure,  the  new  data 
center  is  all  about 
geographically  dis¬ 
persed  resources  pooled  to  work 
as  a  single  entity  But  how  would 
a  new  data  center  network  de¬ 
sign  differ  from  a  traditional 
approach  to  today’s  thorniest 
business  problems?  That’s  the 
challenge  we  gave  to  four  sys¬ 
tems  integrators  who  specialize 
in  new  data  center  technologies. 

While  the  businesses  we  de¬ 
scribed  were  fictitious,  the  in¬ 
tegrators’  solutions  had  to  be 
based  on  actual  work  they’ve 
done  for  users.  As  it  turns  out,  all 
the  designers  now  look  at  a  com¬ 
pany’s  infrastructure  as  a  virtual¬ 
ized  entity  built  on  logical  com¬ 
ponents  —  not  as  a  series  of 
hardware,  software  and  services. 
That  perspective  makes  them  see 
a  server  as  a  processing  periph¬ 
eral,  an  application  as  modular 
bits  of  code  that  can  be  executed 
on  far-flung  servers  or  an  instant 
message  as  a  piece  of  intellec¬ 
tual  property.  That  new  view  be¬ 
comes  the  basis  for  creative  next- 
generation  solutions. 


Business  problem:  A  shipping  company  relies 
heavily  on  its  e-commerce  site  —  so  much  so  that  it 
loses  money  every  second  the  site  is  down.  A  disaster 
that  takes  the  site  down  for  hours  to  days  would  mean 
thousands  —  potentially  millions  —  of  dollars  in  lost 
revenue  and  perhaps  permanent  customer  attrition. 

Traditional  approach:  Create  recovery  points  in  15- 
minute  intervals  on  inexpensive  but  reliable  tape  and 
store  copies  with  an  off-site  disaster-recovery  vendor.  If 
a  disaster  occurs,  contact  the  off-site  vendor.  However,  if 
this  off-site  vendor  supports  too  many  businesses 
affected,  it  might  need  days  to  restore  systems.  Some 
disaster-recovery  sites  can  handle  only  a  small  per¬ 
centage  of  their  customers  simultaneously 

Tape  also  might  prove  to  be  a  bottleneck.  A  busy 
e-commerce  database  easily  could  fill  100  or  more 
“tape  mounts”  in  a  24-hour  period  (meaning  the  num¬ 
ber  of  tapes  used  to  back  up  a  daily  base  copy  of  the 
entire  database  plus  bundles  of  transactions  in  15- 
minute  intervals).  Restoring  many  tapes  would  take 
hours,  perhaps  even  days.  Plus,  for  tapes  stored  off-site, 
the  company  also  must  factor  in  the  time  —  likely 
another  day  —  to  locate  and  ship  the  tapes. 

New  data  center  approach:  Use  information  life- 
cycle  management  (ILM)  to  put  data  on  the  most  cost- 
effective  media  that  also  has  the  performance  attributes 
needed  to  complete  the  storage  job.  Use  expensive  disk, 
mid-priced  disk,  less-expensive  disk  and  tape. 

One  way  to  executive  ILM  is  storage  virtualization, 
which  inserts  storage  intelligence  between  the  host 
and  its  storage.  Most  virtualization  engines  reside  “in- 
band”  on  the  storage  network  and  decouple  the  stor¬ 
age  management  functions  (mirroring  and  snapshots) 
from  the  storage  itself.  This  lets  users  build  heteroge¬ 
neous  storage  environments  (multiple  tiers  and  ven¬ 
dors).  Such  virtualization  engines  may  be  appliances 
but,  eventually,  they  simply  will  be  embedded  in  a  stor¬ 
age  network  node  (like  a  core  switch). 

Virtualization  presents  a  logical  view  to  the  server.  In 
what  1  call  “logical-land,”  certain  physical  storage  limi¬ 
tations  (size  allocations,  expansions)  can  be  re¬ 
moved.  Storage  functions  such  as  mirroring  and  snap¬ 


shots  can  be  applied  to  any  storage  type  by  any  ven¬ 
dor.  The  downside  is  a  single  point  of  failure.  Without 
the  engine,  servers  can’t  read  the  storage,  even  if  they 
are  reconnected  directly  to  it. 

Fortunately  another  option  is  available:  storage-area 
network  (SAN)-based  replication  of  the  physical  data 
rather  than  the  logical  data.  1  call  this  “virtualization 
lite.”This  form  of  virtualization  resides  in  the  data  path, 
but  presents  the  physical  disk  as-is  to  the  server.  It  does 
not  require  logical  re-mapping  of  the  disk.This  version 
sacrifices  some  features  of  full  virtualization  but  retains 
key  features  such  as  heterogeneous  mirroring  and 
snapshots.  And  if  the  engine  is  removed,  servers  can 
operate  directly  connected  to  the  disk. 

So  when  looking  to  save  that  e-commerce  site  from 
a  time-consuming  recovery,  the  first  change  is  to 
replace  tape  with  Tier  3  storage  (Serial  Advanced 
Technology  Attachment)  as  the  primary  recovery 
mechanism.  Tape  would  be  used  for  archiving. 
Virtualization  lite  lets  us  take  highly  efficient  snap¬ 
shots  (base  copy  plus  block-level  changes)  of  our 
Tier  1  storage  (expensive)  and  put  it  on  Tier  3  storage 
(inexpensive),  and  to  mix  and  match  vendors 
between  tiers.  By  retaining  snapshots  on  disk,  a  local 
recovery  even  of  a  large  database  is  a  matter  of 
rolling  back  to  a  previous  online  snapshot,  which 
generally  takes  minutes  —  or  a  few  hours  for  an 
exceptionally  large  database.  Lastly,  the  database  is 
archived  to  tape  weekly  or  so  for  long-term  retention. 

One  bonus  of  virtualization  lite  is  more  affordable  in- 
house  disaster  recovery.  Most  companies  already  have 
multiple  data  centers  and  network  connectivity  be¬ 
tween  them.  We  can  tap  the  heterogeneous  mirroring 
capabilities  of  our  virtualization  lite  engine  to  move 
data  asynchronously  over  lower  bandwidth  links  to 
another  location. This  is  less  costly  than  moving  physi¬ 
cal  batches  of  tape  offsite  daily  We  also  minimize  costs 
by  using  Tier  2  or  3  storage  as  the  replication  target. 

Once  the  primary  site  is  ready  to  come  back  online, 
the  virtualization  lite  engine  at  the  remote  location  can 
mirror  the  database  back  to  the  primary  site,  letting  the 
primary  servers  take  control  with  minimal  downtime. 
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Business  problem:  As  part  of  a  distributed  IT  operation,  an 
entertainment  company  placed  e-mail  servers  at  each  of  its  15 
offices.  With  e-mail  and  instant  messaging  (IM)  use  rapidly 
growing,  predicting  storage  requirements  for  electronic  mes¬ 
sages  had  become  difficult.  Distributed  operations  were  com¬ 
plicating  capacity  planning.  And  planning  was  about  to  get 
worse.  Because  of  compliance  regulations  and  the  corporate 
worlds  increasingly  litigious  nature, the  legal  department  man¬ 
dated  that  IT  keep  a  permanent  record  of  all  messages  for  at 
least  seven  years. 

Traditional  approach:  Add  e-mail  servers  to  nightly  back-up 
processes  to  address  legal’s  mandate  and  then  manage 
server  space  by  reducing  message  stores  on  e-mail  servers. 
However,  this  has  several  drawbacks.  Even  if  Post  Office  Protocol 
is  not  used  —  so  messages  aren’t  downloaded  automatically  to 
the  client  and  deleted  from  the  server  —  users  remain  free  to 
manage  their  own  e-mail.  They  can  delete  messages  stored  on 
the  server  at  will  and  exchange  information  with  whomever  they 
wish  (although  administrators  might  filter  out  certain  domains). 
A  disgruntled  employee  could  leak  messages  or  wipe  an  in-box 
clean  of  all  messages.  If  users  delete  messages  from  the  main 
server  before  a  nightly  backup,  those  messages  would  be  gone 
for  good.  And,  for  users  that  never  delete  their  messages,  system 
administrators  must  ask  them  to  do  so  when  the  servers  run  out 


An  e-mail  archiving  architecture 


The  new  data  center  concept  includes  a  sturdy  yet  flexible  electronic  messaging 
infrastructure,  complete  with  management,  archiving/retrieval  and  disaster  recovery. 
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of  space  —  unless  the  administrators  automatically  expunge 
messages  older  than  a  specified  date.  Should  IT  need  to  locate 
messages  on  a  specified  subject  from  an  archival  tape  —  per¬ 
haps  for  use  in  legal  proceedings  —  finding  messages  based  on 
content  would  be  an  arduous  task,  taking  weeks  to  months  (sub¬ 
jecting  the  company  to  court-imposed  penalties  for  untimely 
compliance),  and  that’s  presuming  the  message  was  saved  to 
begin  with  (with  most  IMs  never  saved  at  all). 

New  data  center  approach:  Treat  every  electronic  message 
sent  or  received  as  a  potential  evidentiary  fact.  Know  the  loca¬ 
tion  of  electronic  information,  who  sees  it,  how  long  to  keep  it 
and  when  to  delete  it.  Develop  access,  creation,  deletion  and  re 


tention  guidelines.  Create  a  plan  that  coordinates  the  physical 
management  of  email  storage  with  logical  electronic  message 
content  management,  including  IMs.  Use  an  electronic  message 
archiving  infrastructure  as  the  technology  that  lets  you  execute 
these  guidelines  and  plans. 

With  a  good  electronic  message  archiving  infrastructure,  all 
messages  would  be  processed  and  stored  centrally  accessible 
not  only  by  the  user,  but  also  possibly  by  a  subset  of  people  from 
various  business  departments  —  legal  and  managerial,  to  name 
two.Two  types  of  servers  are  required  —  one  for  processing  mes¬ 
sages  and  another  for  managing  archival  functions.  Archival 
management  includes  indexing  and  searching  messages  based 
on  various  selection  criteria,  from  dates  and  sender  to  content. 
The  business  gets  the  bonus  of  knowledge  management  —  the 
ability  to  mine  message  vaults  for  useful  business  information. 

This  entertainment  company  would  consolidate  to  its  main 
data  center  the  work  that  most  of  its  15-plus  mail  servers  were 
doing,  leaving  on-site  servers  and  storage  only  at  larger  field 
offices.  Remote  servers  would  be  integrated  with  the  main  mes¬ 
saging  infrastructure,  and  all  messages  would  be  archived  cen¬ 
trally  (see  graphic). Two  main  multi-processor  servers  would  be 
needed  for  each  function  —  message  processing  and  archiving 
—  but  would  be  clustered  for  failover.  Clustering  also  would  give 
administrators  a  way  to  increase  processing  capacity  as  needed, 
even  while  absorbing  remote  office  message  processing. 

Clustering  for  failover  also  mandates  two  storage  tiers.  A  net¬ 
work-based  storage  scheme  is  required  for  any  effective  elec¬ 
tronic  message  archiving  (and  could  be  chosen  among  any  of 
them:  TCP/IP  Fibre  Channel,  storage-area  network,  network- 
attached  storage,  iSCSI  and  Fibre  Channel  over  IP).  One  net- 
work-based  tier  would  be  high  performing  and  handle  the  con¬ 
tinuous  read  and  write  I/O  for  an  intense  application  such  as 
e-mail.  Network-based  storage  connectivity  also  complements 
the  cluster  failover  by  providing  redundant  access  points. 

The  second  networked-attached  tier  would  house  the  archive 
and  would  use  more  economical  media.  This  tier  would  be 
somewhat  slower  performing  but  would  have  autonomic  prop¬ 
erties  —  as  would  the  primary  storage  —  and  it  would  have  fea¬ 
tures  for  short-  and  long-distance  replication  to  help  it  integrate 
with  disaster-recovery  initiatives  (the  disaster-recovery  location 
also  would  need  duplication  of  the  message-archiving  infra¬ 
structure:  servers,  storage  and  data).  Both  storage  tiers  require 
easy  integration  into  the  existing  tape  back-up  process  and 
enterprise  management  and  monitoring  tools. 

Policies  are  needed,  too.  Events  and  dates  should  trigger 
archival  processes  that  move  messages  from  the  primary  store 
to  the  archive.  Policies  that  determine  how  IMs  are  to  be  used 
and  integrated  with  the  central  archival  store  also  are  necessary 
These  should  include  specific  “messenger”  names  that  can  be 
tracked  and  associated  with  staff,  how  and  when  messages 
would  be  blocked  or  flagged  as  suspect, and  access  control  lists 
of  who  and  how  IMs  could  be  used  or  viewed.  The  message 
archive  would  be  indexed  by  content, so  that  key  words  or  activ¬ 
ities  can  be  tracked  and  monitored. 

Educating  employees  will  be  critical.  Human  resources  must 
help  draft  revised  “e-policies”  that  state  proper  use  of  electronic 
messages, both  e-mail  and  IM. Expect  to  train  users  on  how  they 
would  use  the  archive  to  search  and  retrieve  messages,  too. 

Electronic  messages  are  an  indispensable  business  tool,  but 
recent  regulations  are  forcing  businesses  to  treat  every  message 
as  a  potential  legal  document.  A  systematic  electronic  messag¬ 
ing  archiving  infrastructure  should  become  central  to  new  data 
center  plans. 
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MIDDLEWARE  IS  IBM  SOFTWARE.  And  with  IBM  Express 
Middleware  it’s  now  even  more  accessible  than  ever  for 
mid-sized  businesses.  It’s  nimble.  It’s  quick.  It’s  engineered 
to  work  with  your  current  IT  investments.  It’s  tailored  to 
meet  the  needs  of  your  specific  industry.  And  you  don’t 
need  a  Ph.D.  to  install  it.  All  that,  and  it’s  priced  to  put  a  big 
smile  on  Accounting’s  face. That’s  ON  DEMAND  BUSINESS. 


1.  Owners  know  customers’  preferences. 

2.  Branches  know  each  others’  inventory. 

3.  Employees  know  distributors’  stock. 

4.  No  seasonal  inventory  wasted. 

5.  Profits  bloom  dramatically. 


See  how  IBM  and  its  Business  Partners  help  companies  win  with  IBM  Express  at  ibm.com/middleware/express 
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Server  virtualization: 
Controlling  server 
sprawl 

Omar  Yakar,  president,  Agile3BG 
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Business  problem:  Faced  with  massive  expansion,  a  title 
company  was  struggling  to  maintain  IT  service  levels.  Its  em¬ 
ployee  population  had  tripled  to  1 ,000  people  at  40  offices  in 
the  past  year.Some  application  decisions  rested  with  local  per¬ 
sonnel,  which  meant  some  applications  conflicted  with  each 
other  and  had  to  run  on  separate  servers.  Furthermore,  the  per¬ 
formance  of  shared  applications  and  databases  housed  at  the 
central  data  center  was  degenerating.  The  five-person  IT  de¬ 
partment  needed  the  ability  to  manage  applications  without 
adding  headcount  and  while  maintaining  the  company’s 
decentralized  style. 

Traditional  approach:  Maintain  file  and  application  servers 
at  each  office  while  centralizing  databases,  messaging  and 
directory  services.  Replicate  critical  application  databases  to 
each  office.  Opt  for  individual  silos  of  servers  for  each  applica¬ 
tion  set  to  avoid  conflicts.  Increase  network  bandwidth  to  han¬ 
dle  database  and  directory  synchronization  traffic.  However,  this 
would  require  managing  at  least  40  servers  across  40  full-time, 
dedicated  WAN  links,  which  would  incur  high  monthly  recur¬ 
ring  costs  without  even  taking  disaster-recovery  capabilities  into 
account.  It  also  would  continue  to  stretch  a  small  staff  too  thin, 
requiring  frequent  travel  to  all  40  locations. 


Processing  peripherals 


Virtualized  servers  may  look  like  ordinary  physical  servers.  But  inside 
the  box  they  are  really  “processing  peripherals”  while  a  SAN,  such  as 
the  Fibre  Channel  flavor,  handles  storage. 
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New  data  center  approach:  Borrow  a  design  strategy  from 
the  application  service  provider  model,  and  approach  the  IT 
operation  as  though  it  were  meant  to  be  a  profit  center.  If  it’s 
going  to  be  a  profit  center,  how  does  it  keep  high  customer  sat¬ 
isfaction  levels,  high  efficiency  and  low  overhead?  Virtualization 

—  for  storage  and  servers  —  would  be  key 

Server  virtualization,  in  particular,  would  let  business  man¬ 
agers  control  their  own  environment,  even  while  that  environ¬ 
ment  was  being  provisioned  and  managed  from  a  central  facil¬ 
ity  Server  virtualization  allows  the  de-coupling  of  logical  servers 
(for  example  messaging,  database  and  domain  controllers) 
from  hardware.  It  also  isolates  applications  from  the  operating 
system  and  aggregates  multiple  storage  resources  as  one  vol¬ 
ume.  In  other  words,  it  turns  a  physical  server  into  what  I  call  a 
“processing  peripheral.” 

With  applications  isolated  from  the  server  operating  systems, 
an  application-specific  environment  can  run  in  a  protected 
memory  space  rather  than  on  the  operating  system. This  would 
let  a  10-year-old  version  of  Microsoft  Word  run  simultaneously 
on  the  same  physical  server  with  a  new  version,  for  example. 

Some  server  virtualization  products  encapsulate  the  entire 
image  of  a  physical  server  in  one  file  (including  the  operating 
system, applications  and  direct-attached  or  networked  storage). 
In  these  cases,  the  processing  peripheral  (the  physical  server), 
runs  the  virtualization  software  on  its  internal  disks  while  the 
virtual  server  file,  with  its  associated  storage,  runs  on  a  SAN.  An 
application  then  can  boot  from  the  SAN  and  execute  on  the 
chosen  processing  peripheral.  Management  tools  let  you  see  all 
of  the  available  processing  peripherals  and  the  load  on  each 
and  choose  the  best  server  to  run  the  application. 

With  server  virtualization,  logical  servers  are  converted  to  vir¬ 
tual  servers,  meaning  they  become  files  not  tied  to  any  hard¬ 
ware,  but  residing  instead  on  logical  unit  numbers  carved  out  of 
the  SAN.  They  can  be  operated  on  any  physical  server  or  even 
moved  across  different  models  of  hardware  without  interrup¬ 
tion  to  users.  Efficiencies  come  from  consolidation  of  process¬ 
ing  resources,  managing  load  capacities  across  a  pool  of  dis¬ 
parate  resources  and  the  ability  to  quickly  spin  up  any  kind  of 
server  a  business  manager  needs.  In  this  case,  the  title  company 
can  run  all  of  its  applications  on  two  multi-processor  servers, 
each  acting  as  a  failsafe  for  the  other. 

The  title  company  also  would  want  to  make  use  of  an  ILM 
strategy  that  lets  it  lower  storage  costs  by  using  inexpensive 
ATA  devices  (such  as  EMC’s  Content  Addressed  Storage 
[CAS]). CAS  is  analogous  to  checking  your  coat  at  a  restaurant 

—  the  content  (an  e-mail  message,  image  or  document)  is 
assigned  a  ticket  and  then  stored;  when  retrieved  the  ticket  is 
matched  to  the  content  and  delivered. 

Another  crucial  element  is  the  applications.  With  applica¬ 
tions  now  housed  at  a  central  location,  the  title  company 
would  want  to  implement  a  role-based  Web  front  end  that 
aggregates  Web  and  Windows  applications  with  a  common 
user  interface  like  a  browser.  Applications  also  should  run 
on  a  thin-client  design  (such  as  Citrix  or  Web  services). This 
would  limit  bandwidth  requirements,  regardless  of  the  num¬ 
ber  of  applications  running  simultaneously,  while  centraliz¬ 
ing  application  server  management. 

While  the  title  company  still  would  need  40  WAN  links,  it 
could  rely  on  smaller  and  less-expensive  links  for  many  offices 
because  of  thin-client  computing.  Low-cost  VPNs  might  be  used 
as  failovers  to  each  site  should  the  WAN  go  down. 


These  days,  no  network  is  free  of  threats.  That’s  why  you  have  to  assign  network  security  privileges  to  everyone.  Employees,  customers, 
and  partners.  You  need  to  set  an  acceptable  use  policy  that  dictates  what  each  of  them  can  and  can’t  access.  Until  now,  you  had  to  do 

this  manually. 

Not  anymore.  Now  you  can  do  what  Baylor  University  did.  Implement  an  Enterasys  Secure  Networks™  solution  with  a  unique,  policy- 
based  system  that  empowers  the  network  to  allocate  resources  based  on  specific  users  and  their  roles.  The  network  “sees”  who  the  user 
is  and  assigns  privileges  accordingly.  This  improved  control  also  gives  you  more  security. 

It’s  all  about  giving  you  a  smarter  way  to  network  with  central,  intuitive  management.  Find  out  more  at  networksthatknow.eoin/Baylor. 
Or  ask  any  one  of  the  many  enterprise  customers  we’ve  worked  with  for  years. 
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Virtualized  applications: 
An  end  to  sluggish  app 
performance 

Hal  Stern,  CTO,  Sun  Services 
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Business  problem:  A  financial  services  firm  has  based  its 
identity  management  processes  on  a  large,  consolidated  direc¬ 
tory  of  user  information.  Each  user  —  employees  and  cus¬ 
tomers  —  has  multiple  roles,  and  the  directory  includes  appli¬ 
cation  entitlement  information  on  each.  The  directory  main¬ 
tains  a  “trust”  model,  in  which  it  exerts  authorization  control  for 
the  firm’s  applications.  It  authenticates  on  a  per-URL  basis, 
meaning  that  every  time  a  user  accesses  an  application  via  a 
URL,  the  user  is  authenticated.  (This  ensures  that  applications 
accessed  via  bookmarks  are  authenticated  on  each  access.) 

For  applications  that  run  in  the  same  data  center  as  the  direc¬ 
tory,  this  works  well;  the  directory  need  only  send  its  authoriza¬ 
tion  request  across  a  local  network,  tapping  the  memory-resi¬ 
dent  cache  on  a  local  server.  But  add  in  two  cross-country  net¬ 
work  hops,  a  few  router  or  firewall  transits  from  a  far-flung  re 
mote  user,  and  the  firm’s  security  enforcement  has  slowed  to  a 
crawl  (the  rate  of  a  disk  access  per  request).  Users  have  begun 
to  complain  about  the  network’s  sluggish  performance.  IT  ad¬ 
ministrators  also  have  summarily  blamed  the  network. 

Traditional  approach:  Replicate  the  directory  to  each  data 
center  so  each  application  need  go  no  further  than  the  local 
copy  for  authentication.Yet  this  approach  introduces  a  number 
of  operational  risks.  For  starters,  your  directory  server  deploy¬ 
ment  has  increased  from  one  in  one  location  to  one  or  more 
per  data  center,  each  requiring  security  availability  and  perfor¬ 
mance  monitoring. You  lose  the  flexibility  to  modify  the  direc¬ 
tory  when  you  are  saddled  with  such  a  heavy  foundation. 

Plus,  ensuring  the  consistency  of  all  directories  means 
watching  network  latency  and  transaction  completion,  and 
running  consistency  checks.  Missed  replication  updates  create 
confusion  at  best  and  regulation  violations  at  worst.  In  the  long 
run,  replication  actually  slows  down  everything.  Every  time  a 
record  changes,  this  system  generates  network  traffic  while  the 
directories  synchronize  —  you  have  created  latency  (as  you 
are  now  doing  the  equivalent  of  an  N-phase  commit  over  N 
data  centers). 

New  data  center  approach:  For  this  directory  perfor¬ 
mance  problem,  think  about  the  directory  in  virtual  terms  first 
and  then  map  those  terms  to  physical  instances. 

Specifically  separate  the  directory  into  subtrees,  so  that  each 
subtree  is  closest  (or  co-resident)  to  the  applications  whose 
users  consume  that  data  most  frequently  For  instance,  if  most  of 
your  California  users  access  Web-based  applications  through  a 
Web  server  farm  in  the  Los  Angeles  data  center,  then  directory 


entries  for  those  users  should  be  located  there.  Each  directory 
typically  would  have  entitlements  for  all  applications,  but  not 
for  all  of  those  application  users. 

When  applications  need  to  bind  to  the  directory,  steer  these 
binding  requests  to  the  “best”  directory  instance  using  a  direc¬ 
tory  router  or  a  Layer  7  switch  that  can  inspect  Lightweight 
Directory  Access  Protocol  requests.  So  rather  than  first  build¬ 
ing  a  data  center  and  then  networking  it,  look  at  your  IT  design 
as  a  large,  Internet-like  structure  “inside”  the  data  center,  and 
then  you  can  use  more  appropriate  technologies  to  solve  the 
routing  problem.  (Layer  7  switches  are  likely  to  become  criti¬ 
cal  elements  of  the  new  data  center,  useful  for  routing  Web  ser¬ 
vices  requests,  partitioning  databases  or  directories,  or  even 
sorting  traffic  by  service  to  corral  certain  user  loads.) 

How  do  you  decide  which  data  should  be  stored  in  which 
location?  Examine  something  I  call  the  “distance  value”  of 
data,  where  “distance”  encodes  the  logical  distance  to  request 
and  retrieve  a  non-local  piece  of  data.  For  instance,  if  I’m  a 
user  in  California,  and  95%  of  my  entitlement  data  is  in  the 
California  directory,  the  distance  value  of  data  in  New  Jersey  is 
pretty  close  to  zero,  but  near  100%  for  California  data.  When 
deploying  a  virtualized  data  center,  maximize  the  distance 
value  of  data  to  avoid  high-latency  network  transactions. 

The  corollary  is  that  designing  for  what  applications  should 
do  is  easier  than  for  what  they  shouldn’t  do.  But  don’t  let  that 
stop  you. Think  about  data  consumed  by  applications  from  the 
user  perspective. What  data  needs  to  be  consistent  at  all  times? 
What  data  needs  to  be  consistent  locally  and  can  be  updated  in 
other  data  centers  on  a  lazy  basis,  trading  off  a  little  latency  for 
the  global  consistency  of  a  “distance  value”  design?  Modeling 
application  behavior  isn’t  as  hard  as  it  seems.Tear  a  page  from 
the  software  developer’s  Rational  Unified  Process  and  look  at 
how  each  application  consumes  data.  What  are  its  authentica¬ 
tion  patterns?  Where  and  when  does  it  update  directory  or 
database  entries?  It  doesn’t  hurt  to  think  like  a  software  devel¬ 
oper  when  you’re  deploying  applications  built  using  the  very 
same  processes. 

In  the  budding  new  data  center  realm,  enterprise  data  is 
assumed  to  be  highly  distributed,  yet  globally  accessible  via  a 
set  of  networks.  Applications  and  data  that  are  deployed  into 
pools  of  virtualized  resources  are  a  major  design  challenge  for 
the  new  data  center.  But  it’s  really  the  same  old  problem:  If  you 
ignore  the  limitations  of  your  distributed  system,  you’ll  end  up 
with  a  poorly  performing  solution.* 


Raritan's  Dominion™  KX.  Better  KVM  Over  IP. 


As  your  company  grows  and  you're  responsible  for  more  and  more  networking  hardware,  you  have  two  options: 
Get  a  super-scalable  KVM  solution  now,  or  rip  and  replace  later.  Luckily,  the  new  Dominion  KX  lets  you  access, 
diagnose  and  monitor  hundreds,  even  thousands  of  servers  in  any  location  in  the  world  via  KVM  (Keyboard, 
Video,  Mouse)  without  ever  leaving  your  chair. 

With  Raritan's  19  years  of  innovation  in  the  Data  Center,  you  now  have  the  newest  and  most  dependable  choice 
for  an  integrated  KVM  over  IP  switch.  Dominion  KX  is  a  plug-and-play  appliance.  It's  incredibly  scalable,  as  you 
can  see,  delivering  dependable  performance  no  matter  how  big  your  company  gets.  And  by  encrypting  all  KVM 
data,  including  video.  Dominion  KX  provides  the  industry's  most  secure  KVM  over  IP  technology.  It's  the  KVM 
over  IP  solution  that  beats  the  other  options  again  and  again  and  again. 

Schedule  your  on-line  test-drive  today,  by  calling  1-800-724-8090  x1927 
or  by  visiting  us  at  www.raritan.com/927 
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RARITAN'S  DOMINION  SERIES 

The  complete  Data  Center 
Management  Solution 
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How  To  Accelerate 
Enterprise  Applications 
up  to  25  Times! 

How  can  you  accelerate  Online  Transaction  Processing  (OLTP),  Online 
Analytical  Processing  (OLAP),  databases,  modeling  and  high  definition 
non-linear  video  editing  applications?  There  are  many  ways,  but  none 
is  better  than  solid  state  storage  because  of  its  speed,  networkability 
and  low  cost  per  performance. 


I/O  bottlenecks  are  at  the 
root  of  many  performance 
issues.  Traditional  hard 
disk-based  systems,  such 
as  RAIDs,  incur  an  I/O 
performance  penalty 
because  of  the  latency  of 
rotating  magnetic  hard 
drives.  Servers  today  are 
often  under-utilized 
because  of  slow  storage 
performance,  and  this 
reduces  the  performance 
of  critical  applications  and 
represents  a  poor  return  on  investment  for  expensive  hardware.  Solid 
state  disks  resolve  this  problem  with  the  lowest  access  times  and 
highest  bandwidth.  With  a  solid  state  disk,  servers  will  never  wait  on 
storage  again. 

Texas  Memory  Systems'  RamSan-320  solid  state  disk  is  the  World’s 
Fastest  Storage®.  It  has  accelerated  customer  applications  as  high  as 
25x,  and  recently  set  new  records  in  an  audited  Storage  Performance 
Council  benchmark  for  performance  and  price.* 


Possible  Solutions  to  Storage  Bottlenecks 

4 


Data  Access 
Patterns 

High  Write; 

Mostly  Random 

High  Read; 

Mostly  Random 

High  Write; 

Mostly  Sequential 

High  Read; 

Mostly  Sequential 

High  Read;  Reads 
Quickly  Follow  Writes 


% 

In 

X  %  X 


w 


XX 

ooo© 
oooo 

ooo 

ooo 

0*0 


RamSan-320  Solid  State  Disk 

•  Over  250,000  random  IOPS. 

•  Over  1.6  GB/s  random 
sustainable  data  bandwidth. 

•  Hardware  redundancy. 

•  Exclusive  Active  Backup™  backs 
up  data  to  internal  disks  without 
performance  degradation. 
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RamSan-320 


FREE  WHITE  PAPER: 

“Increase  Application  Performance 
with  Solid  State  Disks”  -  includes 
lOMeter  benchmark  results  and  record 
breaking  Storage  Performance  Council 
SPC-1  IOPS  results. 

Download  it  now  at: 
www.texmemsys.com/04 
or  call  71 3-266-3200  ext  544 

TMS  Hr  > 

TEXAS  MEMORY  SYSTEMS 

The  World’s  Fastest  Storage® 


’SPC  Summary  And  SPC-1  Benchmark  Statement:  The  RamSan-320  produced  an  SPC-1  IOPS™  rate  of  112,491.34  and  an 
SPC-1  Price-Performance  vaiue  of  $1  50  at  a  capacity  of  68.71 9GB,  These  results  used  a  Data  Protection  Level  of  Other  Data 
Protection  (Error  Correction  Code  -  ECC)  and  received  SPC-1  Submission  Identifier  A00028.  Full  disclosure  report  is  avail¬ 
able  at  www.texmemsys.com. 

The  World’s  Fastest  Storage  and  RamSan  are  trademarks  of  Texas  Memory  Systems.  ©  Texas  Memory  Systems  2004.  Other 
trademarks  are  the  property  of  their  respective  owners. 


Virtually  Unlimited  Storage 


DataNAS  (High  Performance  Network  Attached  Storage  Filer) 
Starting  at  240  GB  capacity  and  scalable  to  over  20  TB 

•  1TB  capacity  per  1 U  saves  rack  space 

•  High  Performance  at  an  Attractive  Price 

•  Anti-virus  scanning  with  no  annual  subscription  fees 

•  Hot  swap  disk  drives  and  high  performance  backplane 

•  (2)  Gigabit  Ethernet  interfaces  std,addt'l  available 

•  Data  archiving  to  removable  disc  media 

•  Local  and  remote  tape  backup  and  disk-to-disk 

replication 

more  detail  at  www.excelmeridian.coin 

Call  800-995-1014 
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To  advertise  in  Network  Worlds  Marketplace 
call  Donna  Pomponi  at  1.800.622.1  108 
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Storage  Solutions 


►  NAS  -  Network  Attached  Storage  (Embedded)  ►  DAS  -  Direct  Attached  Storage*  ►  SAN  -  (FC-SATA,  FC-FC) 

■  . . 

Storage  technology  protocols  Key  differences  among  competition: 

►  7x24  global  support 

►  Online  and  real-time  depot  parts  express 

►  Channel  program  to  enhance  Xtore’s  business  partners  profitability  (XVR 

►  Highly  compatible  solution  with  certified  third  party  partners 


►  ATA 

►  SATA 

►  SCSI 

►  FIBRE 


US  Headquarters  :  17959  E.  Ajax  Circle  /  City  of  Industry, CA  91 748 

Phone:  (626)  581-7015  /  Fax:  (626)  581-7065  /  E-mail:  sales@xtore-es.com 

©  Copyright  2004  •  All  rights  reserved  to  Xtore  Extreme  Storage,  Inc.  Concept  and  Design  by  Bluesky133.com 
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One  analyst  explains  how  server 
and  storage  virtualization  will  one  day 
converge,  enabling  unified,  and  even  autonomic, 
management  of  today’s  distinct  systems 


BY  JAMIE  GRUENER 

or  years,  server  and  storage  management  have  been  on  parallel,  but 
separate,  technology  development  tracks.  IT  executives,  confronted 
with  quickly  multiplying  numbers  of  servers  and  storage  arrays,  put 
them  there.They’ve  needed  to  treat  these  platforms  as  distinct  entities  that  require 
different  networks,  management  strategies  and  even  staffs  to  maintain  efficiencies 
within  the  data  center. 


But  as  companies  roll  out  data  center  architectures, 
these  two  islands  need  to  blend.  Convergence, 
required  to  further  simplify  and  improve  data  center 
efficiencies,  will  be  quite  possible  with  the  array  of 
new  and  emerging  technologies.  These  include  data 
center  service  management  and  automation  tools, 
blade  servers,  utility  and  grid  computing,  storage-area 
networks  (SAN),  grid  storage,  information  life-cycle 
management  (1LM),  policy-based  management  tools 
and  the  all-important  virtualization. 

Virtualization  is  not  a  new  concept  in  the  server  or 
storage  markets.  Companies  already  are  benefiting 
from  the  ability  to  create  distinct  server  and  storage 
resource  pools,  masking  the  physical  components 
from  users  and  applications.  But  integrated  server  and 
storage  virtualization  holds  the  key  to  true  manage¬ 
ment  convergence. 

Where  virtualization  got  its  start 

In  the  server  market,  virtualization  surfaced  initially 
for  use  with  mainframes.  In  this  environment,  virtual¬ 
ization  tools  assisted  in  workload  management  and 
improved  utilization. 

In  the  late  1990s,  virtualization  tools  emerged  for 
Unix  and  Windows  servers.  These  let  multiple  virtual 
operating  systems  run  on  one  physical  machine  but 
be  logically  independent  with  consistent  hardware 
profiles.  Sometimes  referred  to  as  server  resource 
management,  these  tools  include  partition  managers, 
virtual  machines,  virtual  partitions  and  logical  parti¬ 
tions.  Such  tools  have  grown  in  importance  as  a 


means  to  improve  server  utilization  rates,  as  well  as  to 
better  align  and  manage  application  performance  on 
different  server  platforms,  ranging  from  blade  servers 
to  large  symmetrical  multiprocessing  systems. 

In  storage,  the  earliest  use  of  virtualization  emerged 
in  the  early  1990s  with  the  first  RAID  subsystems, 
which  essentially  combined  that  technology  with 
aggregation.  By  the  late  ’90s,  in  came  storage  virtual¬ 
ization  appliances  aimed  at  improving  management 
and  utilization.  Since  then,  storage  virtualization  has 
evolved  from  a  stand-alone  technology  to  a  feature  of 
storage  infrastructure  management  tools.  This  means 
it  resides  on  host  servers,  on  storage  arrays  or,  increas¬ 
ingly  on  intelligent  switches  in  the  storage  network. 

Storage  virtualization  also  has  enabled  higher-level 
management  functions.  With  a  virtualization  feature, 
data  management  tools  can  better  handle  snapshots, 
replication,  capacity  on  demand  and  policy-based 
decisions.  Volume  management,  also  considered  a 
form  of  virtualization,  has  become  a  mandatory  part 
of  most  data  centers  with  storage  networks  and  large 
storage  arrays.  In  the  coming  years,  it  increasingly  will 
be  a  feature  of  entry-level  storage  arrays  that  target  IP 
storage  and  entry-level  storage  networks. 

Toward  the  fully  virtualized  data  center 

Such  evolving  server  and  storage  virtualization  capa¬ 
bilities  have  prompted  IT  executives  to  begin  rethink¬ 
ing  their  traditional,  regimented,  device-driven,  client/ 
server  data  center  architectures.  Virtualization  lets 
them  consider  a  model  in  which  they  organize  data 


center  components  as  shared  resources. This  will  cul¬ 
minate  in  an  environment  where  all  storage,  server 
and  network  resources  are  virtualized  into  one  pool. 

The  shift  toward  this  ideal  accelerates  at  each  layer 
as  new  technologies  take  advantage  of  the  growing 
computer  and  network  power  available  to  application 
sets.  As  IT  executives  reassess  how  to  deploy  and  man¬ 
age  these  technologies  into  a  more  service-driven  util¬ 
ity  data  center  architecture,  large  system  vendors  and 
start-ups  will  roll  out  technologies  that  will  drive  the 
evolution  of  the  data  center  into  a  utility  model. 

Regarding  the  convergence  of  server  and  storage  vir¬ 
tualization,  management  tools  that  tie  together  the 
provisioning  and  utilization  of  servers  and  storage  in 
various  ways  will  start  emerging  in  the  next  several 
years.  Most  will  come  under  the  guise  of  the  emerging 
data  center  automation  market,  which  will  grow  to 
more  than  $1  billion  in  revenue  by  2006  as  more  cus¬ 
tomers  deploy  blade  servers,  new  generations  of  stor¬ 
age  arrays  and  storage  management  tools,  and  larger 
storage  networks. 

Over  the  next  five  years,  labor-intensive,  manual  tasks 
handled  piecemeal  today  will  migrate  to  automated 
and  highly  intelligent  tasks.  (The  question  remains 
regarding  how  multi-vendor  and  heterogeneous  these 
approaches  will  be,  as  most  virtualization  tools  avail¬ 
able  today  tend  to  be  somewhat  tied  to  hardware  plat¬ 
forms  or  operating  systems.) 

The  drivers 

Integrated  server  and  storage  virtualization  will 
occur  as  IT  executives  change  the  way  they  deploy 
data  center  infrastructure.  This  means  shifting  opera¬ 
tions, application  services  and  hardware  infrastructure 
into  more  of  a  service  model, commonly  referred  to  as 
utility  computing  (and  a  number  of  vendor-specific 
initiatives).  Industry  drivers  that  will  influence  the  inte¬ 
gration  of  server  and  storage  virtualization  longer 
term  include: 

•  Data  center  service  management:  Many  IT 
executives  increasingly  want  to  assign  and  maintain 


Integrated 
virtualization  will 
bridge  management 
islands  that  ham¬ 
string  data  center 
managers  today. 


service  levels  at  the  application 
level,  which  will  require  better  manage¬ 
ment  of  server  and  storage  resources  as  groups 
instead  of  single  entities. 

•  Data  center  automation  tools:  These  tools, 
which  provision  application,  network  and  other 
resources,  increasingly  will  take  advantage  of  the  avail¬ 
abilitymonitoring  and  utilization  capabilities  of  server 
and  storage  virtualization  collectively 

•  Blade  servers:  As  more  customers  deploy  blade 
servers,  the  need  to  virtualize  the  server  hardware  will 
increase  to  mask  the  physical  number  of  servers  work¬ 
ing  on  a  specific  application.  At  the  same  time,  these 
servers  will  need  to  integrate  tightly  with  storage  net¬ 
works  because  of  the  reliance  on  network  storage. 

•  Network  storage:  Today,  storage  virtualization  is 
actively  used  to  manage  SANs.  As  storage  networks 
become  more  prolific  for  Fibre  Channel  and  IP  net¬ 
works,  the  need  to  integrate  with  server  virtualization 
technologies  will  increase  at  the  array,  host  and  in  the 
storage  network  itself. 

•  Grid  computing  and  storage:  Grid  computing 
and  grid  storage  technologies  rely  on  virtualization  to 
develop  a  common  pool  of  resources  (servers  and 
storage).  As  these  models  accelerate  with  more  com¬ 
mercial  deployments,  corporate  IT  executives  increas¬ 
ingly  will  want  to  view  resources  via  a  master  man¬ 
agement  console  that  gauges  their  availability,  perfor¬ 
mance  and  utilization. 

•  ILM:  This  is  a  new  storage  deployment  philoso¬ 
phy  for  managing  the  life  cycle  of  data  from  its  cre¬ 
ation  to  deletion.  As  part  of  this  environment,  the 


need  to  maintain  service  levels  in  support 
of  specific  application  services  will  require 
management  tools  that  can  tap  into  server 
and  storage  virtualization  to  monitor  the 
environment. 

Two  types  of  vendors  will  be  actively 
involved  in  the  convergence  of  server  and 
storage  virtualization  in  the  coming  years. 

The  first  group  includes  the  system  (storage 
and  server)  vendors,  including  Dell,  EMC,  HP 
IBM,  Network  Appliance  and  Sun.  Today 
many  provide  management  tools  that  are 
platform-  or  operating-system-specific  for 
storage  and  server  virtualization. 

However,  many  of  them  clearly  will  be  inte¬ 
grating  server  and  storage  management 
platforms  to  address  their  customers’  long¬ 
term  management  needs.  An  example  of  the  conver¬ 
gence  is  EMC’s  purchase  of  VMware.  This  conver¬ 
gence  should  result  in  a  consolidated  platform  that 
integrates  virtualization,  volume  management  and 
other  infrastructure  management  components  from 
EMC’s  storage  products  with  VMware’s  server  virtual¬ 
ization  products. 

The  second  group  includes  management  software 
vendors  that  are  tackling  growing  layers  of  data  cen¬ 
ter  management  from  the  application  level  through 
the  back-end  storage  systems.  This  includes  compa¬ 
nies  such  as  Veritas  Software  and  Computer 
Associates.  Veritas  has  picked  up  a  number  of  com¬ 
panies  over  the  past  year  to  broaden  its  data  center 
management  strategy  It  acquired  Ejasent  for  applica¬ 
tion-level  virtualization  and  availability,  and  Jareva 
for  server  provisioning.  Veritas  likely  will  integrate 
these  new  products  with  its  volume  management 
and  other  storage  virtualization  tools. 

The  convergence  of  server  and  storage  virtualization 
will  accelerate  over  the  next  year  as  vendors  start  to 
connect  the  use  of  virtualization  technologies  to  dif¬ 


ferentiate  themselves.The  first  integration  wave  will  be 
product-specific  —  meaning  vendors  will  tie  func¬ 
tionality  directly  into  their  own  server  or  storage  man¬ 
agement  strategies.  At  the  same  time,  server  virtualiza¬ 
tion  tools  will  continue  to  integrate  more  aggressively 
with  broader  policy-based  management  tools  and 
frameworks  over  the  next  24  months. 

Integrated  server  and  storage  virtualization  is  pre¬ 
dicted  to  arrive  starting  in  early  2005,  with  full  integra¬ 
tion  occurring  during  the  next  three  years.  By  2007, 
server  virtualization  will  be  a  common  way  to  manage 
server  utilization,  availability  and  provisioning,  espe¬ 
cially  for  industry-standard  servers.  At  the  same  time, 
storage  management  tools  will  take  advantage  of  stor¬ 
age  virtualization  as  a  feature  that  organizes  storage 
capacity  either  volumes  or  files.  As  a  result,  intelligent, 
policy-based  storage  management  tools  will  be  able 
to  focus  more  on  what  the  data  actually  represents 
and  less  on  the  actual  location  of  the  data.Server  man¬ 
agement  tools,  in  turn,  will  leverage  this  same  infor- 

See  Vision,  page  26 
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We've  heard  a  lot  about  the  intelligent  automated  data  center  of  the 
future.  How  do  you  define  the  new  data  center  at  Harte-Hanks? 

The  new  data  center, or  the  utility  model  that  1  talk  about,  is  looking 
at  IT  from  the  shared  resource  perspective  and  not  necessarily  how 
you  pay  for  that  resource.  It’s  a  different  way  of  looking  at  the 
resources  and  putting  them  to  use  for  your  business.To  have  a  util¬ 
ity  model,  you  need  to  have  virtualization  capabilities,  and  those 
virtualization  capabilities  cannot  be  segmented  by  tiered  technol¬ 
ogy  When  they  can  all  be  brought  together,  then  we  can  achieve  a 
truly  dynamic  data  center. 

In  the  past,  data  center  managers  would  be  very  concerned 


“  cott  Hopkins, always  has  one  thing  on  his  mind:  how  to 
make  IT  flexible  enough  to  grow  and  shrink  to  match 
business  goals.  As  vice  president  of  technology 


planning  at  Harte-Hanks,  a  direct  marketing  services  com¬ 
pany  in  San  Antonio,  Texas  (best  known  for  its  PennySaver 
publications),  Hopkins  ensures  that  business  drives  tech¬ 
nology  initiatives  such  as  virtualization  of  storage,  network 
and  server  resources.  Hopkins  says  hed  like  to  see  the  lines 
between  those  distinct  technology  worlds  blur  so  he  can 
create  one  dynamic  pool  of  data  center  resources. 

From  the  company’s  Billerica,  Mass.,  data  center, 
Hopkins  shared  his  vision  of  utility  computing  with 
Network  World  Senior  Writer  Denise  Dubie. 


enter  spotlight  on  stgrarf 

5.S4.D4  >  VUWW.NWFUSION.COM/SUPP/20O4/NDC3 


Scott  Hopkins,  vice  president  of 
technology  planning  for  Harte-Hanks, 
shares  his  road  map  for  an  entirely 
virtual  new  data  center. 


about  what  servers  they  had,  what  technology  they  had  vs.  looking  at  the  data  cen¬ 
ter  as  a  utility  model  and  being  able  to  combine  resources  to  provide  a  service. We 
don’t  look  at  just  servers. We  don’t  look  at  just  the  network, and  we  don’t  look  at  just 
the  storage  environment. You  have  to  really  look  at  all  of  that  as  a  whole,  and  as  a 
utility  that  has  the  ability  to  provide  a  service  to  the  customer,  whether  it  be  inter¬ 
nal  or  external. 

Do  you  use  virtualization  today? 

Right  now,  because  of  the  technology  and  because  the  data  center  is  separated 
into  tiers  —  storage,  server  and  network  —  we  are  only  using  quasi-virtualization. 
We  use  virtualization  in  the  storage  environment  today  We  also  use  resource  man¬ 
agement  tools  on  the  servers  as  well  as  the  network  through  virtual  LAN-type  tech¬ 
nology.  And  we  use  quality-of-service  (QoS)  tools  to  better  use  our  virtualized  net¬ 
work  resources. 

What  are  the  advantages  of  using  virtualization  in  these  technology  silos? 

On  the  server  side,  we’ve  been  able  to  share  more  resources.  Being  able  to  log¬ 
ically  provision  server  resources  protects  us  from  a  security  perspective  and  from 
a  performance  perspective.  If  we  have  multiple  activities  occurring  on  one  serv- 

thers  from  resource  use. That’s  given  us 

,we  have  been  able  to  reclaim  a  signifi- 
storage  environment  just  by  having  the 
provisioning.  We  went  from  a  direct- 
environment  to  a  storage-area  network 
Hows  us  to  do  ‘grade  school’  virtualiza- 
Ve’re  not  in  ‘college’ yet,  but  we  can  bet- 
ise  those  resources  to  provision  storage 
ed  on  business  needs.  If  we  were  in  col- 
>e,  we’d  be  able  to  allow  much  more 
)phisticated  and  complex  virtualization 
o  help  us  manage  storage  resources. 
How  does  network  virtualization  work  in 
your  data  center? 

It’s  about  introducing  QoS  and  [virtu¬ 
al]  LAN  technology,  and  it’s  not  having 
one  network  for  everybody  We  sepa¬ 
rate  the  network  for  security  and  per¬ 
formance  reasons.  Using  VLANs  guar¬ 
antees  performance  and  security  It’s 
more  complex,  but  it  doesn’t  mean  it’s 
harder  to  manage. 

Have  you  been  able  to  consolidate  any 
of  your  storage,  network  or  server  re¬ 
sources? 

For  the  past  12  months  or  so,  we  have 
been  consolidating  servers.  From  a 
management  perspective,  we  put 
together  an  asset  management  plan 
that  looks  at  the  age  of  our  technolo- 
j  gy  and  at  how  the  technology  is 
being  used.Then  [we  can  see]  how 
we  can  collapse  the  number  of 
servers  to  either  newer  technology 
because  technology  changes  so 
rapidly,  or  remove  them  altogether. 
In  terms  of  just  the  chip  speed, you 
can  have  four  of  five  servers  run¬ 


ning  at  different  or  slower 
rates  —  that  can  cost  you 
a  lot.  Understanding  what 
we  have  provides  us  cost 
savings  in  two  ways.  We 
save  in  terms  of  the  man¬ 
agement  as  well  as  the 
maintenance  of  those  environments. 

But  consolidation  isn’t  a  one-time  exercise.  It’s  a  continual  process  because  tech¬ 
nology  changes  so  rapidly, and  you  are  always  going  to  have  aging  servers.You  need 
to  have  a  plan  in  place  to  recycle  technology  We  were  able  to  reduce  our  costs  by 
phasing  out  older  technology  and  transitioning  network  load  to  newer  technology 
It’s  more  expensive  to  maintain  older  stuff,  especially  when  you  have  a  lot  of  it. 
Support  for  older  technology  from  vendors  —  and  even  skills  in-house  —  some¬ 
times  seems  to  be  harder  to  come  by  The  driver  now  is  the  ability  to  look  at  an  infra¬ 
structure  environment  that  gets  us  to  the  next  step. 

What  is  that  next  step? 

I  can  look  at  my  server,  my  network  and  my  storage  tape  environment,  but  what  1 
don’t  have  is  an  overarching  tool  that  ties  those  separate  things  together. That’s  the 
next  level  of  the  data  center:  delivering  a  product  that  ties  network, server  and  stor¬ 
age  together  in  a  framework  that  allows  you  to  manage  effectively  and  save  money. 

Where  does  automation  come  into  play? 

I  am  a  great  believer  in  automation.We  have  done  things  here  that  automate  our 
tape  management,  that  use  tools  to  help  us  monitor  and  provision  our  storage 
environment  and  that  allow  us  to  provision  our  server  environment. We  have  auto¬ 
mated  our  job  processing  into  a  job  scheduler.  We  have  an  automated  help  desk 
capability  that  alerts  staff  if  certain  technology  doesn’t  meet  certain  thresholds  set 
for  the  network,  the  server  or  the  storage  resources.  We’ve  automated  a  lot  of 
administration  processes,  but  that’s  really  just  a  first  step. 

The  next  step  is  using  that  automation  to  move  to  a  virtualization  capability 
Again,  virtualization  today  is  defined  in  three  tiers:  the  storage,  the  network  and 
the  servers.  The  key  for  the  new  data  center  is  creation  of  a  virtualization  tool 
that  doesn’t  do  these  separately.  We  have  to  look  at  this  as  a  utility  model,  and 
not  as  virtualization  of  network, servers  and  storage.  We  need  to  first  virtualize  it 
as  whole.  Vendors  are  not  going  to  make  that  happen  without  standards.  And 
when  1  talk  about  standards,  I  mean  both  vendors  agreeing  on  making  their 
technology  accessible  and  also  IT  managers  agreeing  on  standard  technologies 
to  use  in  their  organization. 

What  are  your  thoughts  on  vendors'  claims  to  provide  self-managing,  self-healing  and 
other  intelligent  features  in  data  center  hardware  and  software? 

Are  you  asking  if  I’m  a  religious  person?  To  a  certain  degree,  I  am  skeptical  about 
what  has  been  said.  It  really  has  to  have  been  well  executed  and  proven  for  Harte- 
Hanks  to  move  down  that  path.  Conceptually,  it  sounds  good,  but  can  the  vendors 
execute  on  those  features  and  can  they  validate  them?  I  don’t  know  if  they  can. 
Today  1  just  don’t  see  the  integration  or  the  ability  to  execute  on  the  overall  frame 
work  from  the  vendors.  I  hope  they  will  eventually  get  there.  It  would  be  great  to 
have  an  integrated  tool  that  looks  into  those  virtualized  tiers  in  an  automated  man¬ 
ner  and  also  has  the  intelligence  to  tell  you  whether  the  resource  is  there  so  that 
the  job  can  be  completed.  It’s  not  out  there  today. 

You  support  automation,  but  you  don't  believe  the  vendors  can  provide  fully 
automated  data  centers? 

It’s  always  a  balance  between  having  prudent  management  and  very  secure  e:  i- 
ronments.and  how  you  go  about  using  automation. The  virtualization  technolog. 
is  where  we  need  to  go,  but  it’s  still  going  to  have  to  be  managed  by  a  human  \~ 
long  as  we  have  that  flexibility,  then  we  will  have  the  capability  to  execute  on 
There  are  so  many  things  that  come  into  consideration  to  do  that  execution  r: 
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can’t  be  automated  today  That  intelligence  and  that  knowl¬ 
edge  can’t  be  pulled  into  tools  today 
How  do  you  see  applications  fitting  into  the  new  data  center? 

To  a  certain  degree  one  has  to  follow  the  other. You  need 
to  have  the  technology  in  the  data  center  that  forces  the 
application  providers  to  change  the  way  they  do  their 
processes.You  need  to  have  applications  that  are  more  par¬ 
allelized  in  processing.  By  that  I  mean  not  single-thread  or 
applications  that  can  adopt  a  one-to-many  model.  You 
need  an  application  environment  that  supports  applica¬ 
tions  sending  their  commands  and  requests  out  to  multi¬ 
ple  resources.  The  database  needs  to  support  that,  the 
servers,  the  storage  and  the  network,  all  before  the  appli¬ 
cations.  The  application  host  needs  to  be  able  to  support 
how  you  designed  the  infrastructure. You  need  to  have  the 
infrastructure  that  provides  that  capability  and  then  appli¬ 
cations  change  to  meet  that. 

The  virtualization  is  in  the  environment  that  touches  our 
customers. There  are  certain  things  on  the  back-end  that 
aren’t  as  high  a  priority  and  don’t  need  to  have  this  reli¬ 
able,  scalable,  affordable  infrastructure  in  place.  But  that’s 


just  our  IT  shop.  Another  shop  that  is  a  pure  IT  shop,  and 
not  a  service  bureau  or  hosting  business,  probably  has  a 
different  vision.  Our  IT  demands  change  when  we  get 
new  customers  or  old  customers  leave  us.  What  we  want 
for  the  future  is  for  that  to  be  easier,  more  manageable 
and  less  costly. 

What  challenges  would  you  advise  peers  to  tackle  first  on 
their  path  to  the  new  data  center? 

One  of  the  first  things  to  do  is  take  inventory  of  the  skills 
of  your  people.To  be  effective  in  this  environment,  the  sys¬ 
tems  admin,  the  storage  admin,  the  [database  administra¬ 
tor],  their  roles  may  change,  and  to  a  certain  extent  their 
skills  may  need  to  change. The  human  element  of  moving 
in  this  direction  is  critical. 

What  technology  hurdles  should  be  addressed  first? 

You  need  to  invest  in  certain  standards,  and  those  stan¬ 
dards  are  not  by  manufacturer  but  by  technology  Once 
you  have  those  standards,  then  you  can  look  at  tool  selec¬ 
tion.  Once  you  understand  the  human  capital  and  what 
the  standards  are,  then  you  can  approach  the  vendor  com¬ 
munity  to  understand  the  tool  set  that  you  will  need  in 


order  to  go  down  this  path  and  see  how  well  vendors 
match  up  with  your  needs. 

What  do  IT  managers  need  to  ask  their  vendors? 

You  want  to  understand  not  what  the  vendors  are  neces¬ 
sarily  doing  today  but  where  the  vendors  will  be  in  the 
future,  what  their  product  plans  are  and  what  their  strategic 
directions  are  for  technology. Then  you  need  to  weigh  the 
validity  of  their  ability  to  obtain  that  and  execute  on  that 
against  your  plans. 

How  much  should  business  drivers  contribute  to  new  data 
center  technology  decisions? 

They  are  one  in  the  same.  Being  able  to  tie  technology  to 
where  the  business  is  going  and  being  able  to  execute  on 
that  is  what  management  needs  to  be  focused  on.  The 
technology  involves  another  set  of  decisions. You  need  to 
have  the  people  that  can  help  you  get  down  that  path.You 
need  to  make  sure  you  communicate  with  the  people  so 
they  can  either  supplement  their  skills,  or  you  can  assist 
them  in  that.  You  need  to  tie  it  to  the  long-term  goals,  you 
need  to  develop  standards,  and  you  need  to  do  the  vendor 
selection.  ■ 


Scott  Hopkins,  vice  president  of  technology  planning,  lords  over  Harte-Hanks’  data  center  opera¬ 
tions  from  his  home  base  in  Billerica,  Mass.  He  takes  us  for  a  look  inside  that  data  center. 


Data  center  statistics:  At  this  data  center,  and  this 
is  just  one  data  center  of  many,  we're  predominantly 
Unix-based  Sun  Solaris.  We  have  about  47  heavy  produc¬ 
tion  servers,  one  mainframe  environment  and  then  a  few 
hundred  servers  that  are  a  healthy  mix  of  Windows  and 
Linux.  For  storage,  we're  very  heterogeneous,  with  some¬ 
where  around  45T  to  50T  bytes  of  storage  right  now. 

Mainframe  plans:  We  have  a  strategy  for  the  main¬ 
frame  to  be  retired  in  the  next  24  to  36  months.  The  tech¬ 
nology  we  are  deploying  today  to  do  our  database  con¬ 
struction  and  to  service  our  customers  is  more  open  sys¬ 
tems  and  Internet-based.  The  cost  associated  around  a 
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good-size  mainframe  environment  is  fairly  significant. 
You  can  deploy  newer  technology  to  meet  the  same  busi¬ 
ness  goal  in  a  less-expensive  environment. 

Linux’s  role:  Directionally,  when  we  talk  about  the 
data  center  of  the  future,  Linux  is  going  to  play  a  role. 
We’re  looking  at  Linux  for  what  I  would  call,  at  this  point, 
niche  areas  of  the  data  center,  fringe  areas  such  as  fire¬ 
walls  and  some  file  servers,  but  in  the  future  it  seems 
that  Linux  as  an  operating  system  might  provide  us  with 
flexibility  and  cost-reduction  as  we  look  at  it  for  our 
database  environments. 

—  Denise  Dubie 
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mation  to  improve  application  perfor¬ 
mance,  availability  and  server  utilization. 

A  missing  piece 

The  lack  of  a  standard  way  for  vendors’ 
tools  to  communicate  with  each  other  pre¬ 
sents  a  problem.  And  given  heterogeneous 
enterprise  server  and  storage  environ¬ 
ments,  such  a  standard  will  be  essential  if 
integration  is  to  work. 

Today,  the  storage  market  has  begun  the 
shift  to  a  standard  way  for  device  man¬ 
agement.  This  standard,  the  Storage 
Management  Initiative  Standard,  will  give 
vendors  a  common  way  over  time  to  per¬ 
form  storage  virtualization.  No  similar 
standard  exists  in  the  server  virtualization 
market,  although  many  vendors  have  said 
they  wish  to  begin  building  an  industry- 
standard  API  to  allow  the  communication 
of  different  server  management  tools.  A 
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likely  scenario  is  that  the  Desktop 
Management  Task  Force  (DMTF)  develops 
such  a  standard,  which  would  take 
upward  of  three  to  four  years  to  complete. 
The  DMTF  has  begun  to  take  a  strong  role 
in  defining  how  utility  computing  compo¬ 
nents  will  speak  to  each  other,  and  stan¬ 
dardizing  the  virtualization  layers  will  be 
crucial  to  any  standard  in  the  utility  com¬ 
puting  market. 

To  be  sure,  the  vision  and  hope  are 
attainable.  One  day  integrated  server  and 
storage  virtualization  will  bridge  the  man¬ 
agement  islands  that  hamstring  data  cen¬ 
ter  managers  today  based  on  hardware 


platform,  operating  environment  and  ven¬ 
dor.  In  the  longer  term,  if  an  administrator 
brings  a  new  server  online,  storage  provi¬ 
sioning  should  happen  automatically.  In 
managing  the  environment,  IT  should 
clearly  see  the  relationships  between 
servers  and  the  storage  environment.  This 
includes  paths  between  servers  and  stor¬ 
age,  awareness  of  which  servers  and  stor¬ 
age  are  hosting  application  services,  and 
integration  with  policy  tools  that  manage 
thresholds,  capacity  and  overall  availabili¬ 
ty  and  performance. 

Lastly,  having  an  integrated  server  and 
storage  virtualization  strategy  could  real¬ 


ize  the  concept  of  autonomic  computing. 
This  includes  allowing  servers  and  storage 
infrastructure  that  will  self-heal,  dynami¬ 
cally  change  as  requirements  increase  or 
decrease,  and  provide  .transparent  migra¬ 
tion  of  applications  to  servers  and  storage 
systems. 

Gruener  is  the  primary  analyst  focused  on 
the  sewer  and  storage  markets  for  The 
Yankee  Group.  His  coverage  area  includes 
storage  management,  storage  best  practices, 
storage  systems,  storage  networking  and 
sewer  technologies.  He  can  be  reached  at 
jgreuner@yankeegroup.  com. 


An  IT  checklist  You  can  prepare  today  for  tomorrow’s 
integrated  server  and  storage  management  potential  by: 

•  Considering  server  and  storage  consolidation  projects  that  leverage  virtualization.  While  in  the  short  I 
term  tools  for  server  and  storage  virtualization  will  be  separate,  consider  using  these  tools  to  assist  in  con-  I 
solidation  projects  to  improve  utilization  of  servers  and  storage. 

•  Evaluating  vendors  based  on  their  strategies  to  build  integration.  Over  the  longer  term,  it  will  be  impor-  I 
tant  to  choose  vendors  that  have  begun  to  demonstrate  integration  with  other  third-party  tools. 

•  Determining  how  integrated  server  and  storage  virtualization  strategies  could  assist  your  move  to  a 
service-based  operations  model  (or  utility  computing  initiative).  A  core  requirement  of  today's  enterprise  data  cen¬ 
ter  operations  increasingly  is  focused  on  defining  and  maintaining  service  levels.  By  employing  consolidated  server 
and  storage  virtualization  strategies,  customers  should  meet  service  levels  more  effectively  and  improve  efficien¬ 
cies  and  utilization  of  server  and  storage  resources. 

—  Jamie  Gruener 
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Data  protection  you  can  trust.  In  a  world  of  uncertainty,  one  thing 
yqu  shouldn't  have  to  worry  about  is  protecting  your  data.  Now,  Quantum 
gives  you  one  less  thing  to  worry  about  -  The  Answer  is  X.  The  new  PX720 
sets  the  standard  in  tape  library  reliability,  flexibility,  growth  and  value.  Unlike 
the  competition,  the  PX720  raises  the  bar  by  including  redundant  power  and 
cooling,  library  management  and  installation,  and  also  delivers  the  highest 
density  per  square  foot  -  all  at  no  additional  cost.  For  the  complete  answer, 
call  866-827-1500,  or  visit  us  a:  www.theanswerisX.com. 
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Personal  servers  simplify  remote  work 

New  wave  of  USB  devices  let  users  carry  their  PC  wherever  they  go. 


■  BY  TONI  KISTNER 

A  new  way  to  work  from  anywhere  is 
emerging.  Rather  than  access  data  and 


■  The  continued  need  for  broadband 
sharing  and  growing  interest  in  enter¬ 
tainment  networks  will  drive  the  value 
of  home  network  equipment  from  $8.3 
billion  today  to  $17.1  billion  in  2008, 
according  to  a  new  report  from  In- 
Stat/MDR.  “Digital  Domicile  2004: 
Home  Networking  Hits  the  Big  Time" 
also  predicts  Asia  will  outpace  North 
America  in  number  of  home  networks 
by  2008.  from  27%  of  all  home  net¬ 
works  worldwide  today  to  36%  in  2008. 
North  America  will  drop  from  46%  to 
34%  in  the  same  period. 

■  Netgear  recently  announced  three 
partnerships  to  serve  larger  custom¬ 
ers.  For  mid-market  wireless  net¬ 
works,  Netgear  offers  a  combination 

of  ProSafe  Wireless  Access 
Points  and  Firetide  Hotpoint 
Wireless  Mesh  Routers,  along  with 
network  management  software  from 
Perfigo.To  provide  IP  telephony  gear, 
Netgear  and  ShoreTel  announced 
they  have  certified  as  interoperable 
Net  gear's  FSM7326P  Layer  3  24+2 
Managed  10/100  Switch  with  Power 
over  Ethernet  and  the  ShoreTel5  IP 
telephone  system. 

■  I ps witch  recently  announced  net¬ 
work-monitoring  software.  Whatsllp 
Small  Business  2004  checks  the 
device  status  and  availability  of  up  to 
10  devices  (PCs,  servers  and  printers), 
to  ensure  optimal  performance.  The 
software  also  monitors  services  such 
as  HTTP,  Simple  Mail  Transfer 
Protocol  and  e-mail.  Visual  reports 
help  users  track  network  diagnostics. 
Geared  to  companies  with  fewer  than 
50  employees  and  limited  IT  help,  it 
costs  $295,  which  includes  support 
and  upgrades  for  one  year. 


applications  remotely  on  your  workstation 
or  company  servers,  now  you  can  carry 
your  personal  desktop  around  with  you  on 
a  specialized  USB  flash  drive  and  host  it  on 
any  PC. 

Sometimes  called  personal  servers, 
microservers,  pocket  servers  or  USB  appli¬ 
ances,  these  devices  let  companies  reduce 
the  number  of  laptops  they  support,  let  net¬ 
work  executives  better  manage  how  end 
users  access  data. 

Another  benefit  is  improved  endpoint 
security;  some  devices  check  untrusted  sys¬ 
tems  for  malicious  code  such  as  key  log¬ 
gers,  and  when  the  user  is  finished  work¬ 
ing,  leave  no  trace  on  the  system.  They’re 
easy  to  roll  out,  as  most  don’t  require  a  serv¬ 
er  installation. 

For  end  users,  personal  servers  make  it 
easy  to  work  from  any  system  safely  with¬ 
out  having  to  lug  around  a  laptop  or  worry 

See  Microservers,  page  72 


Pocket  players 

The  first  wave  of  USB  personal  servers  is  coming  to  market. 
Here’s  a  snapshot: 


Company/URL 

Product 

Features 

Forward  Solutions 

www.4migo.com 

Migo 

Access  to  data,  Microsoft  Outlook, 
replicates  desktop  environment  of  any 
Windows  PC.  Geared  to  small  offices. 

Key  Computing 

www.key-computing.com 

Xkey  2.0 

Exchange  Edition 

Full  Exchange  client  access,  blocks 
spyware,  wipes  browser  traces. 

RedCannon 

www.redcannon.com 

Fireball  KeyPoint 

Creates  safe  computing  environment 
on  untrusted  systems,  stores  down¬ 
loaded  POP3  e-mail. 

Realm  Systems 

www.realmsys.com 

Realm  Key 

Full  Web  server  provides  access  to 
Web  applications,  includes  office  suite, 
e-mail  client  and  CRM  applications. 

HomePlug  trials  hitting  the  market 


■  BY  TONI  KISTNER 

Wireless  continues  to  dominate  the  head¬ 
lines,  but  HomePlug  power-line  technology 
is  making  steady  progress  as  a  home  net¬ 
work  backbone  and  eventually  will  be 
offered  by  utility  companies  as  a  broad¬ 
band  alternative. 

By  2008,  the  number  of  HomePlug 
devices  will  more  than  triple  from  2.7  mil¬ 
lion  in  2004  to  9.6  million,  market  research 
firm  Parks  Associates  predicts. 

Comcast  recently  announced  a  customer 
trial  of  HomePlug  networks,  and  Intellon, 
the  dominant  HomePlug  chip  maker, 
announced  a  partnership  with  TV  network 
Music  Choice  to  demonstrate  a  HomePlug 
system  that  lets  multiple  audio  streams  be 
sent  throughout  the  home  over  power  lines. 

Today,  HomePlug  1.0  transmits  data  at 
14M  bit/sec.  The  upcoming  HomePlug  AV 
specification  will  provide  100M  bit/sec 
speeds  and  quality  of  service  (QoS)  neces¬ 
sary  for  multimedia  and  telephony  appli¬ 
cations.  The  HomePlug  Fbwerline  Alliance 
recently  finished  the  baseline  specifica¬ 
tion,  which  combines  elements  of  several 
competing  technologies,  says  Oleg  Log¬ 
vinov,  HomePlug’s  new  president  A  final 
specification  is  expected  by  year  end. 


Earlier  this  month  at  the  annual  Home- 
Plug  members  meeting  in  Dallas,  the 
HomePlug  alliance  began  work  to  develop 
a  marketing  requirements  document  for 
Broadband  Powerline  (BPL),  a  HomePlug 
specification  for  delivering  broadband 
access  to  the  home  over  power  lines. 

HomePlug’s  BPL  specification  will  trans¬ 
mit  data  to  the  home  at  100M  bit/sec  with 
a  range  of  about  6  miles.  BPL  modems  will 
include  remote  provisioning  and  manage¬ 
ment  software  and  support  application- 
specific  QoS  and  encryption. 

The  specification  also  will  be  interopera¬ 
ble  with  other  power-line  systems  such  as 
xlO  and  Cebus.  HomePlug  BPL  will  be 
compatible  with  the  existing  HomePlug  1.0 
and  HomePlug  AV  letting,  at  least  in  theory, 
one  technology  deliver  broadband  ser¬ 
vices  from  the  provider  to  the  homes’ client 
devices  at  the  same  or  lower  cost  than  DSL 
and  cable. 

BPL  will  let  power  companies  offer 
broadband  services  and  to  improve  power 
management  by  delivering  applications 
such  as  automated  meter  reading,  load 
management  and  fault  detection.  In  the 
future,  utilities  will  offer  programmable 
thermostats  and  energy  services  to  help 
prevent  blackouts. 


In  February  EarthLink  invested  $500,000 
in  Ambient,  a  power-line  communications 
components  maker,  and  for  two  years  has 
worked  with  Ambient  on  a  BPL  with  Con 
Edison.  EarthLink  recently  announced  a 
partnership  with  Progress  Energy  to  test 
broadband  power-line  Internet  service  in 
500  homes  in  Raleigh,  N.C.The  service  will 
cost  $40  per  month. 

Although  BPL  is  often  touted  as  a  good 
access  method  in  rural  areas,  it  also  might 
be  appealing  in  dense  areas  where  802.1 1 
networks  are  overloaded  and  prone  to 
interference.  ■ 
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Digital  home  visions  extend  beyond  entertainment 


By  far  the  high  point  of  the  recent 
Connections  2004  conference  in 
Dallas  was  Louis  Burns’  keynote  pre¬ 
sentation.  The  vice  president  of  Intel  cor¬ 
porate  laid  out  two  visions,  one  you  know  a 
lot  about  —  how  emerging  “digital  home” 
technologies  are  transforming  how  we 
have  fun  —  and  one  you  don’t  —  how  the 
same  technologies  can  help  ease  the 
things  we  worry  about,  namely  taking  care 
of  our  parents  and  grandparents. 

“There’s  radical  change  in  the  industry 
turbulence,  intense  turmoil,  all  of  which 
creates  a  huge  opportunity  for  those  who 
think  creatively  and  take  risks,”  Burns  said. 
After  Burns  introduced  an  Oregon  family 


to  whom  Intel  gave  a  digital  makeover,  he 
shifted  gears  and  brought  out  Eric  Dish- 
man,  a  social  scientist  and  director  of  Intel 
Proactive  Health. 

Dishman  set  the  stage:  There  are  550  mil¬ 
lion  seniors  in  the  world;  there  will  be  1.2 
billion  by  2025.  As  the  population  ages, 
there  will  be  fewer  younger  people  to  care 
for  the  elderly  and  fewer  professionals  and 
family  members  to  ensure  older  people 
take  their  medications  and  exercise  regu- 
larly“Consumers  spend  two  to  three  times 
more  today  on  health  and  wellness  than 
they  do  on  entertainment,”  Dishman  said. 
“We  can’t  scale  quality  healthcare  to  such 
high  numbers.” 

To  illustrate  the  work  Intel  is  doing  in  its 
Seattle  research  lab,  Dishman  and  Burns 
showed  a  video  that  showcased  a  day  in 
the  life  of  a  family  Intel  had  given  a  digital 
eldercare  makeover. 

The  grandmother,  who  wanted  to  main¬ 
tain  her  independence  by  living  alone  for 


as  long  as  possible,  sometimes  forgets  to 
eat  or  take  her  medications.  So  Intel  gave 
her  a  bracelet  with  radio  frequency  ID 
location-sensing  technology  and  equipped 
her  home  with  discrete  cameras  and  sen¬ 
sors  on  doors  and  cabinets.  The  sensors 
track  her  movements  (or  lack  thereof)  and 
alert  a  family  member  or  caregiver  when 
something’s  amiss.  Each  time  she  takes  her 
medication,  the  event  is  entered  into  a  Web 
log  her  daughter  can  monitor  from  her 
office  in  a  faraway  city  (Oh,  I  see  that  Mom 
forgot  to  take  her  morning  meds  today  let 
me  give  her  a  quick  call  to  remind  her.) 

When  grandma  wants  to  take  her  daily 
walk,  she  heads  to  the  door  and  picks  up 
her  cane.  No  ordinary  cane,  the  device  has 
Get-Smart-inspired  sensors  and  phone, so  it 
automatically  calls  a  neighbor  and  says, 
“Hey  I’d  like  to  take  a  walk  with  you,”  when 
grandma  picks  it  up. 

Burns  challenged  the  audience  mem¬ 
bers,  made  up  mostly  of  start-ups.“How  do 


we  keep  up  the  growing  momentum?  This 
time  we  do  what  consumers  need,  we  work 
together,  and  we  deliver  it  collectively  No 
one  company  can  deliver  this  vision. 
Everybody's  gotta  play  here." 

Burns  stressed  the  need  for  standards- 
based  technologies  such  as  those  being 
worked  on  by  120-member  companies  of 
the  Digital  Home  Working  Group,  which  it 
strongly  supports.  To  spur  development, 
Intel  also  has  created  a  $200  million  Digital 
Home  Fund,  thus  far  investing  in  Digital  5, 
Staccato  Communications,  Trymedia  Sy¬ 
stems  and  Wisair.  Intel  also  is  working  with 
the  Center  for  Aging  Care  Technologies 
and  the  Alzheimer’s  Association. 

“We  don’t  care  who  gets  the  credit,”  Burns 
said.  “This  is  an  industry  thing,  not  a  com¬ 
pany  thing.” 

Kistner  is  managing  editor  of  the 
Net.  Worker  section  of  Network  World.  She 
can  be  reached  at  tkistner@nww.com. 


Microservers 

continued  from  page  71 

about  making  network  connections.  They 
also  can  be  used  for  data  backup. The  flash 
drive  market  is  expected  to  more  than  dou¬ 
ble  its  $1.4  billion  in  revenue  this  year  to 
$2.9  billion  by  2008,  according  to  Gartner. 

At  NetWorld+Interop,  four  companies  — 
Forward  Solutions,  Key  Computing,  Red- 
Cannon  Security  and  Realm  Systems  — 
each  put  a  different  spin  on  the  idea.Three 
are  targeting  large  companies;  Forward 
Solutions’  Migo  aims  at  the  small  business 
market,  firms  with  50  to  200  users. 

Migo 

First  launched  in  October,  Forward 
Solutions’  Migo  lets  users  replicate  data, 
mail  accounts  and  desktop  settings  such  as 
wallpaper,  icons  and  favorites  onto  any 
Windows  machine. 

To  set  up  Migo, users  install  a  client  on  the 
workstation  then  select  which  resources 
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Forward  — _ 

Solutions'  Migo  lets 

users  replicate  data  through  two- 

layer  protection. 


and  data  files  and  folders  they  want  to  save 
within  a  particular  time  period  —  for  ex¬ 
ample  within  Outlook,  in-box  messages 
within  the  last  month.  As  you  select  data, 
the  software  lets  you  keep  an  eye  on  the 
amount  of  storage  used.  You  also  can 
include  arid  exclude  data  by  file  type. 

Migo  only  works  with  Outlook,  but  not 
Outlook  Express  or  other  POP3  e-mail 
clients.  There  are  two  layers  of  password 
protection,  in  software  and  in  the  hard¬ 
ware’s  firmware.  When  a  user  plugs  in  the 


figar  Key 

Computing  is 

r  positioning  Xkey  as  a 
secure  alternative  to 
Outlook  Web  Access. 


Migo  drive  and  logs  on,  the  device  auto¬ 
matically  synchronizes  e-mail  accounts, 
updates  data  files  and  checks  online  for 
firmware  and  software  updates.  The  cur¬ 
rent  USB  1.1  versions  include  128K  bytes 
and  256K  bytes  of  flash  memory  and 
cost  $150  and  $200,  respectively. 

The  upcoming  lG-byte  version 
will  cost  less  than  $350,  and 
a  wristwatch  Migo  is  in 
development. 

Xkey 

Key  Comput¬ 
ing  announced 
Xkey  2.0  Exchange 
Edition,  which  provides 
users  their  full  Exchange 
messaging  environment  and 
data  on  any  system.  The  device 
includes  a  32-bit  microprocessor  and  runs 
a  full  Exchange  client,  a  database  for 
securely  storing  Exchange  data  and  a  syn¬ 
chronization  engine,  so  the  host  system 
doesn’t  need  to  run  an  Outlook 
client.  Xkey  synchronizes 
directly  with  the  Ex¬ 
change  server  behind 
the  firewall  using 
HTTP/Secure  HTTP 
Key  Computing  is  position¬ 
ing  Xkey  as  a  more  secure  alterna¬ 
tive  to  Outlook  Web  Access.  Using  Web 
Access,  sensitive  information  can  be  left 
behind  on  the  untrusted  PC,  key  loggers 
can  capture  passwords  or  data  and  authen¬ 
tication  from  an  untrusted  source  is  weak. 
Web  Access  is  vulnerable  to  open  browser 
sessions  and  cached  information. 

When  the  device  is  plugged  into  a  host 
PC,  Xkey  blocks  malicious  spyware  appli¬ 
cations  and  wipes  all  Web  browser  traces.  It 
employs  two-factor  authentication  and  the 
datastream  encrypted  with  a  Secure 
Sockets  Layer  (SSL)  VPN. 

Xkey  2.0  Exchange  Edition  supports 
both  USB  1.1  and  2.0,  and  comes  in  256K- 


byte  and  512K-byte  versions,  which  cost 
$300  and  $400,  respectively  A  1  G-byte  ver¬ 
sion  is  available  by  request. 

Fireball  KeyPoint 

Security  software  company  RedCannon 
showed  its  upcoming  USB  device,  the 
Fireball  KeyPoint,  which  is  expected  to 
ship  next  month.  Billed  as  a  secure  mobil¬ 
ity  appliance,  KeyPoint  also  scans  the  sys¬ 
tem  for  adware,  spyware,  Trojans  and  key 
loggers.  If  anything  is  found,  it  alerts  users 
to  the  type  and  severity,  and  gives  them  the 
option  to  continue  or  end  the  secure  ses¬ 
sion,  during  which  they  can  download 
e-mail  and  data. 

The  device  includes  an  ARM  7  processor 
and  provides  128-bit  data  encryption  and 
an  SSL  VPN  connection.  Future  versions 
will  support  authentication. As  with  the  oth¬ 
ers,  users  can  download  files  and  e-mail 
onto  the  device. The  256K-byte  version  will 
cost  $150;  the  price  for  the  512K-byte  ver¬ 
sion  is  not  yet  announced. 

Realm  Key 

Realm  Systems  unveiled  its  Realm  Key, 
which  the  company  says  will  ship  late  this 
year.  Realm’s  USB  1 . 1  device,  the  Mobile 
Microserver,  works  with  the  SOBA  Web 


Services  Router,  which  includes  manage¬ 
ment  applications  to  control  and  deploy 
thousands  of  pocket  servers.  (SOBA  stands 
for  service-oriented  business  architec¬ 
ture.)  Truly  a  full  PC  on  a  keychain,  the 
Realm  Key  packs  an  embedded  oper¬ 
ating  system,  400-MHz  processor 
and  256M-bytes  of  flash  memory 
with  a  Secure  Digital  expan¬ 
sion  slot  for  another  1G 
byte. The  device  will  in¬ 
clude  an  Outlook¬ 
like  e-mail  client, 
full  Web  brows¬ 
er,  CRM  soft¬ 
ware,  file  backup 
and  management,  and 
collaboration  tools,  even 
a  full  office  productivity 
suite. 

The  Realm  Key  will  synchronize  files 
automatically  and  launch  applications 
directly  It  also  will  support  Web  services 
and  Web-enabled  legacy  applications.  An 
“instant  on”  feature  lets  you  unplug  from 
the  host  system  and  then  plug  back  in 
later  right  where  you  left  off.  It  works  with 
Windows,  Macintosh  and  Linux  desktops. 
There  are  also  slots  for  Secure  Digital 
expansion  and  a  Wi-Fi  connection.  The 
SOBA  router  is  a  rack-mounted  router  that 
manages  pocket  services,  provides  XML 
security  for  Web  services,  monitors  Web 
services,  and  provides  content  filtering 
and  Web  services  routing.  It  will  include  a 
wizard  for  discovering,  configuring  and 
securing  the  devices. 

The  company  will  begin  beta-testing  this 
summer  and  ship  at  fall  Comdex.  Pricing 
and  availability  information  is  not  yet 
available.  ■ 
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AN  INSIDE  LOOK  AT  THE 
TECHNOLOGIES  AND  STANDARDS 
SHAPING  YOUR  NETWORK 


0GBase-CX4  lowers  10G  Ethernet  cost 


HOW  IT  WORKS 


10GBase-CX4 

Also  known  as  802.3ak,  the  technology  extends  the 
XAUI  interface  designed  for  chip-to-chip  communi¬ 
cations  to  distances  of  up  to  50  feet  by  using  pre¬ 
emphasis,  equalization  and  twin-axial  cables. 


First  switch  port 


XGMII 


O  Technology  uses  the  same  10  Gigabit  MAC,  XGMII  interface  and  XAUI  encoder/decoder  as 
specified  in  802.3  to  break  signal  into  four  differential  paths  at  3.125  gbauds. 

©  Transmit  pre-emphasis  concentrates  on  high-frequency  components  to  compensate  for  loss 
in  PC  assembly,  connectors  and  cable  assembly. 

©  Connector  and  cable  assembly  are  designed  for  InfiniBand  but  specified  by  802.3ak  to 
accommodate  equalization  requirements. 

G  The  receive  equalizer  provides  final  boost  to  signals  reduced  by  cable  assembly. 


B  BY  DAN  DOVE 

Despite  the  myriad  of  media  types 
available  for  10G  Ethernet  networking, 
the  technology  is  too  expensive  for 
many  corporations  to  realize  its  perfor¬ 
mance  benefits.  That’s  why  the  IEEE 
developed  10GBase-CX4,  a  lower-cost 
switch  interface. 

The  802. 3ak  task  force  formed  in  2002  to 
quickly  create  a  standard  for  10G  Ethernet 
that  operates  on  twin-axial  cable  assem¬ 
blies  of  up  to  50  feet.With  Gigabit  Ethernet 
rapidly  moving  to  the  desktop,  a  higher- 
speed  fat  pipe  would  be  needed  between 
desktop  switches  and  distribution  switch¬ 
es  to  combine  traffic  in  much  the  way  that 
Gigabit  Ethernet  had  done  for  10/100M 
bit/sec  networks. 

When  using  Gigabit  links  for  stacking 
Gigabit  switches,  the  typical  throughput  is 
well  below  the  aggregate  bandwidth  of 
the  switches  and  therefore  performance  is 
limited.  With  10GBase-CX4,  performance 
can  be  scaled  to  take  advantage  of  this 
faster  pipe.  In  addition  to  responding  to 
the  broad  demand  for  high-speed  inter¬ 
connects  within  wiring  closets,  lOGBase- 
CX4  also  can  be  used  in  data  centers  to 
aggregate  servers. 

Range  is  not  critical  for  this  application 
because  most  switches  reside  in  a  wiring 
closet.  But  cost  is  paramount,  as  the 
uplinks  are  often  integrated  directly  into 
desktop  switches  and  the  cost  of  the 
uplinks  is  amortized  into  the  per-port  cost 
of  the  switch. 

Approved  in  February  802.3ak  is  eco¬ 
nomical  because  it  reuses  portions  of 
802.3  and  other  standards  to  simplify  and 
lower  the  cost  of  implementation.  For 
example,  802. 3ak  specifies  the  same  type 


of  connectors  and  cables  now  used  with 
4X  InfiniBand,  letting  vendors  incorporate 
10GBase-CX4  capability  directly  within 
highly  integrated  chips.  It  also  minimizes 
design,  installation  and  maintenance 
costs  by  preserving  802.3  network  archi¬ 
tecture,  management  and  software  fea¬ 
tures.  As  a  result,  the  IEEE  expects  installa¬ 
tion  costs  for  copper  10GBase-CX4  inter¬ 
connections  to  be  one-tenth  that  of  com¬ 


parable  lOGBase-optical  solutions. 

Ethernet  engineering 

10GBase-CX4  uses  the  XAUI  (10  Gigabit 
Attachment  Unit  Interface)  specified  in 
802. 3ae,  and  the  4X  connector  that’s  used 
for  InfiniBand. 

Rather  than  attempt  to  transmit  10  giga¬ 
bits  over  a  single  copper  link,  the  802.3ak 
specification  uses  four  transmitters  and 


four  receivers  operating  differentially  over 
a  bundle  of  very  thin  twin-axial  cables  to 
transmit  2.5G  bit/sec  each  at  a  baud  rate 
of  3.125  GHz  per  channel  with  8B10B  cod¬ 
ing.  This  requires  four  differential  pairs  in 
each  direction  for  a  total  of  eight  twin¬ 
axial  channels  per  assembly 

Pre-emphasis  and  receiver  equalization 
are  used  to  boost  the  signal  energy  to 
compensate  for  loss  at  high  frequencies. 
Pre-emphasis  is  a  technique  whereby  the 
high-frequency  content  of  a  transmitted 
signal  is  boosted  or  low-frequency  con¬ 
tent  is  attenuated  to  compensate  for  high- 
frequency  loss  in  cable  assembly.  Receiver 
equalization  is  a  similar  process  applied 
at  the  receiver.  Using  pre-emphasis 
reduces  the  dynamic-range  requirements 
on  the  receiver  equalizer  and  makes  it 
easier  to  implement  in  standard  silicon. 

Cable  assemblies  for  CX4  are  slightly  dif¬ 
ferent  from  the  InfiniBand  cable  assem¬ 
blies  from  which  they  were  derived.  The 
802.3ak  committee  chose  to  specify  them 
using  a  more  precise  method,  and  there¬ 
fore  some  InfiniBand  cables  might  not 
meet  CX4  specifications. 

While  CX4  cables  are  not  as  readily 
available  as  Category  5e  patch  cords,  mul¬ 
tiple  suppliers  offer  them.  Unlike  Category 
5e  cables,  which  are  field  terminable,  CX4 
cables  require  factory  termination, so  cus¬ 
tomers  must  specify  length.  Longer  cables 
tend  to  be  larger  in  diameter,  but  for  typi¬ 
cal  distances  of  less  than  20  feet  the  diam¬ 
eter  of  a  CX4  cable  is  close  to  that  of 
Category  5e. 

Dove  is  chair  of  the  IEEE  802. 3ak  task 
force  and  principal  engineer  for  HP 
ProCurve’s  networking  business.  He  can  be 
reached  at  dan.dove@hp.com. 


Dr.  Internet 


By  Steve  Blass 


Where  can  I  find  an  open  source  Secure  Sockets 
Layer  VPN  package  for  Windows? 

OpenVPN  (openvpn.sourceforge.net)  is  an  open 
source  SSL  VPN  system  that  supports  servers 
and  clients  across  several  platforms.  Version  1 
required  unique  ports  for  individual  VPN  client 
connections.  Version  2  (now  in  beta)  provides  a 
multi-client  server  mode.  The  OpenVPN  Windows 
installer  includes  all  the  binaries  for  servers  and 


clients.  The  difference  between  servers  and 
clients  is  in  the  configuration  files  you  create. 
After  downloading  and  installing  OpenVPN  on 
two  machines,  configure  a  “shared  secret”  con¬ 
nection  between  the  two  systems.  Then  enable 
Transport  Layer  Security/SSL  authentication  to 
use  multi-client  server  mode.  The  OpenVPN  doc¬ 
umentation  shows  how  to  use  the  included 
OpenSSL  to  generate  and  deploy  the  required 
security  certificates  from  your  chosen  certificate 


authority.  To  create  your  own  OpenVPN  Win¬ 
dows-based  certificate  authority,  copy  openssl. 
cnf  from  the  source  code  ZIP  file  into  your 
OpenVPN  “bin"  directory,  edit  the  text  to  match 
your  system,  and  add  “-conf igopenssl.cnf”  to  the 
openssl  commands  given  in  the  documentation. 

Blass  is  a  network  architect  at  Change@Work  in 
Houston.  He  can  be  reached  at  dr.internet@ 
changeatwork.  com. 


Companies  adopting  HP  Integrity  servers,  powered  by  industry-leading 
Intel  Itanium  2  processors,  are  seeing  remarkable  gains  in  performance. 

The  momentum  is  building.  One  after  another,  companies  are  choosing  HP  Integrity  servers. 
Leading  software  and  technology  partners  such  as  BEA,  Microsoft,1  Oracle,  SAP  and  Siebel 
Systems  have  embraced  the  platform  as  an  industry  standard.  And  with  the  ability  to  manage 
a  mixed  environment  of  UNIX,  Microsoft  Windows,"  Linux  and  OpenVMS,  HP  Integrity  servers  are 
fast  becoming  the  ultimate  consolidation  tool.  Demand  maximum  performance,  reliability  and  cost- 
efficiency  now,  on  a  platform  that  will  carry  you  forward  into  the  future.  Demand  performance 
that's  real-world  proven,  and  get  it— with  HP  Integrity  server  solutions. 


See  who's  choosing 
HP  Integrity  servers 
and  choosing  results, 

AIRBUS  UK 
COMPUSA 
FIAT  AUTO 

THE  KOEHLER  GROUP 
RAYMOND  JAMES 


To  get  the  IDC  white  paper  outlining  the  performance  of  HP  Integrity  server'  with  Intel  Itanium  2  processors, 
go  to  hp.com/go/demandlntegrityl3  or  call  1-800-282-6672,  option  5  mention  code  AQHG. 


Intel.  Intel  Inside,  the  Intel  Inside  Logo  and  Itanium  are  trademarks  or  registered  trademarks  of  Intel  Corporation  or  its  subsidiaries  in  the  United  States  and  other  countries. 
Microsoft  and  Windows  are  either  registered  trademarks  or  trademarks  of  Microsoft  Corporation.  ©2004  Hewlett-Packard  Development  Company,  L.P. 
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RSS  technology,  final  take 


GEARHEAD 
INSIDE  THE 
NETWORK 
MACHINE 

Mark 

Gibbs 


Over  the  past  two  weeks  we’ve  been 
delving  into  Really  Simple  Syndica¬ 
tion,  and  this  week  we’re  going  to 
wrap  it  up  with  a  cool  tool  that  relies  on 
another  cool  tool. 

For  all  you  Outlook  users,  we  have  an 
add-in  called  NewsGator  for  Outlook 
(www.newsgator.com)  that  integrates  RSS 
feeds  with  your  Outlook  folder  system. 

Because  users  tend  to  spend  a  lot  of  time 
in  Outlook,  it  makes  sense  to  have  News- 
Gator  deliver  your  newsfeeds  into  the  same 
environment,  providing  a  powerful  way  to 
integrate  information. 

When  you  install  NewsGator  (a  painless 
process),  you  choose  a  base  folder  under 
which  NewsGator  creates  a  subfolder  for 
each  feed  you  want  to  follow.  When  you 
select  the  base  folder,  you  will  see  the 
default  NewsGator  summary  page  listing  in 
the  right-hand  document  pane.  On  the  left 
side  of  the  pane  is  a  list  of  the  most  recent 
items  from  all  feeds  with  a  list  of  all  unread 
items  below.  On  the  right  side,  all  of  the 


feeds  are  listed  with  a  count  of  the  total 
number  of  new  items  in  all  feeds  and  the 
number  of  new  items  for  each  feed. 

You  can  click  on  any  of  the  individual 
items  and  news  feeds  to  go  to  the  item  con¬ 
tent  or  list  of  items  in  a  feed. You  also  can 
force  a  refresh  of  the  summary  page,  run 
the  feed  search  wizard  to  add  new  feeds  to 
NewsGator  or  customize  the  program. 

Customizing  lets  you  change  how  often 
feeds  are  refreshed,  how  the  base  folder 
presentation  is  laid  out, define  blog  posting 
attributes,  connect  to  the  NewsGator  on¬ 
line  subscription  services  or  change  how 
NewsGator  looks  by  specifying  a  new 
extensible  Stylesheet  Language  Trans¬ 
formation  file  for  NewsGator  to  apply  to  its 
output. 

NewsGator  can  aggregate  RSS  and  Atom 
feeds  along  with  Net  News  Transfer  Proto¬ 
col  (NNTP)  sources.  Subscription-based 
NewsGator  services  also  are  available  that 
provide  feeds  based  on  keywords  or  a  spe¬ 
cific  item’s  content  (these  services  also  can 
be  accessed  via  Post  Office  Protocol  clients 
or  Web  browsers  independently  of  News¬ 
Gator). 

When  you  select  an  item  from  a  news 
feed  you  can  forward  it,  set  follow-ups, 
search,  print  —  in  fact,  do  most  of  the 
things  you  can  do  with  any  e-mail  item. 


NewsGator  also  supports  its  own  plug-ins, 
which  let  you  do  things  such  as  post  to 
NNTP  groups,  archive  NewsGator  posts  to 
SQL  databases  and  post  directly  to  Weblogs 
(blogs)  that  support  the  Blogger  API  (for 
example,  Blogger),  those  that  support  the 
MetaWeblog  API  (such  as  Radio  Userland), 
pMachine  and  BlogX. 

Our  only  complaint  with  NewsGator  is 
that,  although  you  can  forward  a  feed  item 
by  e-mail,  the  program  does  not  treat  feed 
items  like  e-mails.  This  is  important 
because  it  means  you  can’t  apply  rules  to 
feed  items  —  a  real  disappointment. 

If  you  test  or  buy  NewsGator  you  may 
notice  that  under  the  menu  path  “Tools! 
OptionslOtherl Advanced  OptionslAdd-In 
Manager”  there  is  nothing  about  News- 
Gator.There  is,  however,  a  new  add-in  called 
Redemption  Helper  Outlook  Extension, 
also  known  as  Redemption  Library  or  just 
Redemption  (although  a  previous  applica¬ 
tion  might  have  already  installed  this  li¬ 
brary). This  is  our  other  cool  tool.  Redemp¬ 
tion  (www.nwfusion.com,  DocFinder: 
2132)  solves  a  number  of  problems  that 
anyone  seriously  programming  Outlook 
will  have  come  across.  Chief  among  these 
problems  are  the  access  limitations  inher¬ 
ent  in  Office  2002  and  2003  and  created  by 
applying  the  Outlook  Email  Security  Up¬ 


date  (released  in  2000)  or  Service  Pack  2 
for  Microsoft  Office  98  and  2000. 

The  security  changes  add  e-mail  attach¬ 
ment  filtering,  which  blocks  executable 
code,  Visual  Basic  scripts,  photo  images 
and  Internet  shortcuts.  It  also  requires  that 
you  confirm  each  time  an  application  tries 
to  access  Outlook’s  address  book. 

Redemption  is  a  COM  library  that  uses 
Microsoft’s  Extended  Messaging  Applica¬ 
tion  Programming  Interface  to  replace  the 
features  the  update  blocks. Once  registered 
on  the  system,  Redemption’s  services  are 
accessible  to  any  programming  language, 
such  as  VB, VBA, VC++  and  Delphi. 

Among  its  other  features,  Redemption 
gets  around  another  Outlook  limitation  by 
giving  access  to  a  number  of  functions  and 
properties  that  aren’t  exposed  in  the 
Outlook  object  model,  such  as  direct 
access  to  the  RTF  body  of  any  Outlook 
item,  Internet  message  headers  and  sender 
e-mail  addresses.  But  we  digressed  . . . 

We  really  like  NewsGator.lt  is  stable,  works 
well  and,  being  integrated  with  Outlook 
and  supporting  blog  posting,  is  really  effec¬ 
tive.  It  is  a  steal  at  $29.  The  Redemption 
library  is  free. 

No  access  restrictions  at  gearhead@ 
gibbs.com. 


Tablets:  Great  hardware,  OS  is  just  OK 


GoolToo 

Quick  takes 
on  high-tech  toys 


Two  companies  recently  sent  in  their  new  Tablet  PCs, 
one  a  slate  style  that  also  includes  an  optional  key¬ 
board  and  the  other  a  “convertible”  tablet  that  looks 
more  like  a  notebook,  but  converts  into  a  slate. 

We  were  impressed  with  all  the  new  hardware  features 
these  devices  have,  including  extra  ports,  embedded  wire 
less  and  a  fingerprint  scanner.  Even  some  of  the  vendor- 
specific  bundled  software  was  better.  But  the  underlying 
Microsoft  Tablet  PC  operating  system  still  leaves  lots  to  be 
desired,  as  the  handwriting  recognition  and  other  applica¬ 
tions  don’t  make  us  happy  and  make 
us  want  to  run  right  back  to  our  old, 
reliable  notebooks.  The  hardware 
makers  have  done  a  great  job  with 
their  latest  equipment,  but  users 
need  to  wait  until  the  next  version 
of  the  Tablet  PC  operating  system 
(hopefully  by  year-end)  comes  out. 

The  scoop:  Fbrtege  M205  laptop/ 
tablet  PC,  from  Toshiba,  about  $2,000. 

What  it  does:  It’s  a  laptop!  It’s  a 
tablet!  It’s  two  devices  in  one  slick 
package.  Opened  up,  it’s  a  basic  lap¬ 
top  with  a  1 .5-GHz  Pentium  M  proces¬ 
sor,  60G-byte  hard  drive,  512M  bytes  of 

The  Portege  M20&  screen  swivels  so  you 
can  show  the  display  to  a  colleague  easier. 


RAM, integrated  802.1  lg  wireless, NVIDIA  graphics  card  and 
external  CD/DVD  drive  (optional). Things  get  funky  when 
you  spin  the  12.1-inch  LCD  screen  around  like  Linda  Blair’s 
head  in  “The  Exorcist.”Then  you’re  staring  at  the  back  of  the 
screen, but  a  person  sitting  across  the  conference  room  can 
watch  whatever  presentation  you  are  showing. 

From  there,  when  you  fold  the  screen  back  down  on  the 
keyboard, you’ve  got  a  regular  slate-style  tablet.Take  out  the 
stylus  and  you’re  good  to  go,  with  the  ability  to  write  on  the 
screen.  The  Fbrtege  includes  several  interesting  applica¬ 
tions,  including  Alias  Sketchbook  Pro  (pen-based  sketching 
tool  with  annotation  features)  and  the  Franklin  Covey 
Tablet  Planner  (writing  out  calendar  and  to-do  lists  with  the 
tablet  and  then  converting  the  text). 

Why  it’s  cool:  Being  able  to  write  notes  and  to  draw  with 
a  stylus  is  the  reason  to  buy  an  M200  series  product.  You 
have  the  choice  of  a  variety  of  for¬ 
mats,  including  the  basics  —  a 
blank  page  and  a  lined  one  —  all 
the  way  to  graphs  and  music. 

You  scratch  away  with  the  stylus, 
then  highlight  the  area  you  want  to 
save  and  either  save  it  as  is  or  con¬ 
vert  it  to  text.  For  a  left-handed 
scribbler,  this  is  where  it  gets  inter¬ 
esting.  We’ve  used  tablets  in 
the  past,  and  have  always  been 
disappointed  by  their  inability  to 
read  handwriting,  but  the 
Toshiba  did  an  OK 
job. 

We  wouldn’t  rec¬ 
ommend  writing 
your  doctoral  thesis 


on  one  of  these.  But  if  you  need  to  take  some  quick  notes 
at  a  meeting  and  would  rather  do  it  electronically  and  be 
able  to  store  and  send  the  notes  around  without  having  to 
transcribe  them,  or  if  you  want  to  be  able  to  draw  a  dia¬ 
gram  and  then  save  it,  this  is  what  you’ve  been  looking  for. 

Grade:  irirki  (out  of  five) 

The  scoop:  Ml  400,  from  Motion  Computing,  about  $2,000. 

What  it  does:  The  Ml 400  is  a  slate-style  Tablet  PC  that 
includes  a  1.1-GHz  Pentium  M  Ultra-Low  Voltage  processor, 
60G-byte  hard  drive,  256M  bytes  of  RAM  (upgradeable  to 
2G  bytes),  built-in  802.1  lg  wireless  and  a  standard  finger¬ 
print  reader  for  authentication. The  12.1-inch  XGA  display 
includes  a  wide  viewing  angle,  which  makes  it  good  for 
showing  presentations  or  designs  to  several  people  around 
a  conference  room  table. 

For  a  more  traditional  look  and  feel,  the  M1400  includes 
an  optional  keyboard  that  attaches  via  USB  port  to  make  it 
“look”  more  like  a  notebook,  or  you  can  attach  the  tablet  to 
a  docking  station  and  use  a  large  keyboard  and  monitor. 

Why  it’s  cool:  Having  a  fully  featured  PC  that  you  can 
carry  around  with  you  is  the  main  appeal  of  the  M1400, 
and  writing  on  the  screen  for  note-taking  certainly  adds 
points.  Motion  Computing  did  a  great  job  with  its  extra 
hardware  features,  such  as  an  ambient  light  sensor  for 
improved  power  management, and  a  software“dashboard” 
that  lets  you  control  several  tablet  functions  (such  as 
microphone  settings)  from  one  screen.  The  inclusion  of 
the  fingerprint  reader  also  adds  to  the  security  of  the  data 
stored  on  the  tablet. 

Grade:  kkiri 

Shaw  can  be  reached  at  kshaw@nww.com.  Features 
Editor  Neal  Weinberg  contributed  to  this  report. 
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ON  TECHNOLOGY 

John  Dix 

Focus  on 
processes,  not 
the  technology 

How  is  it  that  two  companies  can  spend  the  same 
amount  on  IT  and  one  will  get  a  solid  business 
bounce  out  of  the  investment  and  the  other  will 
see  nowhere  near  the  gain? 

Erik  Brynjolfsson,  a  professor  of  management  at  the 
MIT  Sloan  School  of  Management  and  the  director  of 
MIT’s  Center  for  eBusiness, shared  his  thoughts  and 
research  on  the  matter  last  week  at  the  2004  MIT  Sloan 
CIO  Symposium. 

He  started  by  dispensing  with  the  age-old  productivity 
paradox.“Economists  agree  today  that  IT  has  been  the 
single  most  important  factor  in  productivity  growth  since 
the  mid  ’90s,”  he  said. 

Productivity  growth  was  1.4%  from  1973  until  the  early 
’90s,  and  many  economists  thought  it  had  settled  there  for 
good.  But  in  1995  it  jumped  to  2.5%  and  by  2000  had 
reached  4.5%.  Some  economists  thought  it  would  settle 
back  down  after  the  bubble  burst,  but  surprise,  surprise,  it 
has  stayed  at  4.5%  even  as  a  recession  settled  in. 

That  growth  can  be  attributed  to  IT,  Brynjolfsson  said. 

But  not  the  technology  itself;  the  business  process 
changes  enabled  by  the  technology  such  as  new  ways  of 
dealing  with  suppliers  and  customers. 

Brynjolfsson  shared  research  showing  average  compo¬ 
nent  costs  associated  with  a  $20.5  million  software  IT  pro¬ 
ject:  hardware  cost,  $800,000;  software,  $3.2  million;  imple¬ 
mentation  (piloting,  process  reengineering,  consulting) 
$9.3  million;  and  deployment  (labor,  travel,  training)  $7.5 
million. 

IT  tangibles  —  the  software  and  hardware  —  usually  get 
treated  as  the  real  investment,  and  intangibles  get  less 
attention,  yet  they  account  for  the  bulk  of  the  costs. 
“Today’s  companies  are  becoming  less  and  less  depen¬ 
dent  on  physical  assets  and  more  and  more  dependent 
on  information  and  software  assets,”  Brynjolfsson  said.  IT 
is  a  catalyst  for  productivity  surge,  but  organization  capital 
accounts  for  the  bulk  of  the  real  benefit. 

Based  on  extensive  survey  data,  Brynjolfsson  concludes 
that  the  companies  that  are  IT-intensive  AND  marry  orga¬ 
nizational  practices  to  computing  usage  get  the  best 
return  on  their  dollar.  He  calls  companies  that  get  it  right 
“digital  organizations.” 

A  member  of  the  audience  asked  Brynjolfsson  how  he 
reconciles  his  views  with  those  put  forth  in  the  Harvard 
Business  Review  story  “IT  doesn’t  matter." 

“IT  by  itself  isn't  the  story” he  said. “What  gives  advantage 
is  having  optimized  business  practices  in  place.  Business 
processes  are  difficult  to  discover  and  difficult  to  imitate.” 

—  John  Dix 
Editor  in  chief 
jdix@nww.com 
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‘Cure'  is  worse  than  disease 

Regarding  “XP  fix  previews  impact  of  a  more 
secure  Windows”  (www.nwfusion.com,  DocFinder: 
2126):  A  service  pack  that  causes  more  problems 
than  it  fixes  —  what  will  Microsoft  think  of  next? 
Instead  of  fixing  its  operating  system  code  to  cure 
the  security  vulnerabilities,  Microsoft  modifies  the 
Internet  Connection  Firewall  so  that  it  breaks  appli¬ 
cations.  I  will  be  very  hesitant  to  apply  this  service 
pack  to  my  XP  installations. 

Stephen  Smith 
Network  systems  analyst 
Teleplan  Videocom  Solutions 
New  Castle,  Del. 

Licensing  not  so  important 

I  would  like  to  echo  the  sentiments  Stuart  Owen 
expresses  in  his  letter  to  the  editor  “In  defense  of 
Microsoft”  (DocFinder:  1524).  It  is  time  to  stop  talk¬ 
ing  about  “costly  Microsoft  licensing  fees.”  I  support 
the  entire  computing  infrastructure  of  a  $1.5  billion 
dollar  company.  Of  the  entire  operating  budget, 
only  0.8%  of  the  dollars  are  allocated  to  Microsoft 
licensing  fees.  And  we  are  a  Microsoft  shop;  no 
Unix  or  Linux.  I  don’t  think  I  am  going  to  be  a  hero 
to  the  CFO  if  I  cut  my  licensing  costs  from  0.8%  to 
0.4%.There  are  more  important  issues  in  the  typical 
IT  budget  than  Microsoft  licensing  costs. 

Paul  Lourd 
Greenwich,  Conn. 

Gall  for  cell  phone  civility 

A  recent  item  in  “The  Good,  the  Bad,  the  Ugly” 
(April  12,  page  6)  concerns  Cingular’s  “inconsider¬ 
ate  cell  phone  man”  ads  being  shown  in  movie 
theaters.  I  have  not  seen  the  ads,  so  1  cannot  com¬ 
ment  on  their  content.  But  as  for  Cingular,  I  say, 

E-mail  letters  to  jdix@mvw.com  or  send  them  to  John  Dix,  editor  in 
chief.  Network  World,  1 18  Turnpike  Road,  Southborough,  MA  01 772. 
Please  include  phone  number  and  address  for  verification. 


“Good  for  them!”  It’s  about  time  someone  showed 
those  insensitive  boors  just  how  obnoxious  cell 
phones  in  public  really  are.  People  need  to  relearn 
old-fashioned  manners,  courtesy  and  civility. 
Cingular  should  be  lauded  for  having  the  audacity 
to  speak  out. 

George  Augustas 
Dallas 

Coercive  tactic 

Regarding  “Cisco  to  revamp  IOS  software”  (Doc¬ 
Finder:  2127):  In  this  case,  Cisco  should  put  the  IPSec 
management  information  base  (MIB)  on  the  PIX 
firewall.  Because  the  PIX  does  not  have  an  IPSec 
MIB,  you  cannot  monitor  any  VPN  connections  to  it. 
In  other  words, you  cannot  answer  the  simple  ques¬ 
tions  of  who  has  connected  to  your  VPN  and  how 
long  they  have  been  there.  By  not  putting  the  IPSec 
MIB  in  the  PIX,  Cisco  twists  everyone’s  arm  to  buy  a 
VPN  concentrator. 

Gregg  Branham 
Alpharetta,  Ga. 

Starved  for  attention 

The  story  “Security  holes  force  firms  to  rethink  cod¬ 
ing  processes”  (DocFinder:  2128)  notes  that  Micro¬ 
soft  has  20,000  software  engineers  and  12  security 
specialists.That  means  each  specialist  handles  1,666 
software  engineers,  giving  each  a  maximum  of  1.25 
hours  of  undivided  attention  per  year.  I  guess  the 
attention  paid  to  individual  software  engineers  by 
the  security  specialists  is  reflected  in  the  security 
record  of  Microsoft  products. 

John  Telford 
Fbrtland.Ore. 


■  Readers  share  their  views  on  spyware. 
See  more  letters  on  PAGE  80. 
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STAYING  CONNECTED 

Edward  Horrell 


Wireless'  new  target  The  enterprise 


Wireless  is  growing,  in  the  number  of  companies  offering  ser¬ 
vice  and  the  number  of  cell  towers  being  built.  With  calling 
plans  in  the  dozens  per  carrier  and  a  vast  array  of  devices 
available,  sales  are  good  and  getting  better. 

But  good  sales  don’t  always  lead  to  profits.  The  FCC  has  seen  to 
that.  When  the  FCC  allowed  for  number  portability  last  November,  it 
created  a  firestorm  in  wireless  that  had  never  been  seen  before. The 
fire  will  be  stoked  a  little  more  when  it  is  carried  to  smaller  markets 
this  month. 

Number  portability  has  let  users  switch  from  carrier  to  carrier  without 
the  previous  pain  associated  with  changing.This  has  created  a  tremen¬ 
dous  churning  effect,  which  results  in  activity  which  looks  good  on 
paper.  It’s  never  been  easier  for  consumers  to  change  their  wireless 
provider  —  just  avoid  a  contract  and  switch  as  you  like.  If  you  like  an 
unlimited  calling  plan  better  than  limited  minutes,  change  away  Prefer 
Catherine  Zeta-Jones  to  a  mysterious  man  in  black?  Go  get  her.  Keep 
your  old  number,  and  no  one  is  the  worse  for  the  change. 

But  make  no  mistake  about  it:The  sweet  spot  for  the  wireless  indus¬ 
try  is  not  the  consumer. This  market  is  flattening  as  the  users  simply 
change  around  to  other  carriers.  The  sweet  spot  is  enterprise  busi¬ 
ness  —  specifically,  the  market  referred  to  as  machine-to-machine. 
Machine-to-machine  involves  the  communication  between, and  con¬ 
trol  of,  remote  machines  (or  systems)  in  real  time,  with  the  goal  of 
lowering  operating  costs  and  letting  carriers  offer  new  applications 
and  services.  One  industry  observer,  Alexander  Associates,  estimates 
that  machine-to-machine  wireless  will  be  a  $4  billion  revenue  gener¬ 
ator  by  2008,  and  that  there  will  be  more  machine-to-machine  con¬ 


nections  than  cell  phones  in  eight  years. 

This  is  where  the  landscape  is  going  to  change.  Consumers  base 
their  wireless  buying  decisions  on  the  locations  of  retail  stores  and 
the  carriers’  spokespersons.  Enterprise  decisions  are  made  more 
slowly  and  deliberately.  Consumers  like  color  and  plans;  enterprise 
businesses  like  applications  and  technology. 

What  this  means  is  that  the  wireless  industry  is  going  to  follow  in 
the  footsteps  of  its  older  brother,  the  long-distance  industry.  Rates  will 
be  leveled  and  lowered  as  competition  for  enterprise  accounts 
increases.  (Today’s  large  corporations  pay  less  than  ever  for  interex¬ 
change  service.  One  MCI  representative  told  me  that  he  starts  his 
sales  calls  with  “How  much  are  you  willing  to  pay?”  before  he  even 
gets  started  with  the  selling  process.) 

Lower  prices  mean  lower  margins,  which  mean  fewer  profits  for  all. 
This  results  in  two  types  of  wireless  carriers:  those  that  will  do  lunch 
and  those  that  will  be  lunch.  The  former  are  going  to  eat  the  latter 
until  the  market  is  downsized  to  normalcy  The  shakeout  will  begin 
soon  and  will  be  swift. 

My  suggestion  to  enterprise  wireless  users  is  to  try  to  have  a  contract 
as  flexible  for  your  business  as  the  one  you  have  at  home.  Make  every 
effort  to  negotiate  an  opt-out  provision  regarding  the  assignment  of 
your  contract  in  the  event  of  an  acquisition.  Don’t  sign  long-term  con¬ 
tracts.  In  other  words,  try  to  be  on  the  “do-lunch” side  of  the  equation. 

Horrell  is  an  independent  telecommunications  consultant,  speaker 
and  author  in  Memphis,  Tenn.  He  can  be  reached  at  edward horrell 
@mindspring.com  or  via  his  Web  site,  www.edhorrell.com. 
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MOVE  THE  CLOUD 

James  Kobielus 


rid  computing  is  no  empty  buzz  phrase. 
In  fact,  it’s  a  very  substantial  approach 
for  scaling  and  optimizing  distributed 
hardware  resources.  Grids  aggregate  idle 
processor  cycles,  storage  capacity  and  other 
resources  throughout  networks,  thereby  serv¬ 
ing  client  applications  with  supercomputer- 
grade  performance.  Depending  on  how  broadly  they’re  implemented, 
grids  can  extend  dynamic  resource  brokering,  parallel  processing  and 
load  balancing  to  all  computers  on  an  intranet,  extranet  and  even  a 
portion  of  the  Internet. 

Over  the  past  year,  grid  computing  has  become  an  increasingly 
prominent  theme  in  the  road  maps  of  platform,  tool  and  middleware 
vendors.  In  January,  several  vendors  announced  development  of  the 
Web  Services  Resource  Framework  (WSRF)  specifications  for  grid 
interoperability  In  March,  the  Organization  for  the  Advancement  of 
Structured  Information  Standards  (OASIS)  established  a  technical 
committee  to  develop  WSRF  into  an  open  Web  services  standard.Then 
last  month,  close  to  20  vendors  announced  the  establishment  of  the 
Enterprise  Grid  Alliance  (EGA)  to  create  a  grid  interoperability  refer¬ 
ence  model,  and  address  security  and  other  issues  critical  to  grids  in 
corporate  server  clusters. 

So  grid  is  starting  to  mature,  as  a  market  and  an  approach  for  distrib¬ 
uted  processing.  But  the  road  to  maturity  is  long,  and  grid  computing 
won’t  be  ready  for  enterprise  prime  time  for  at  least  another  three  to 
five  years.  Some  significant  milestones  must  be  reached  before  corpo¬ 
rations  can  take  for  granted  the  presence  of  a  ubiquitous, platform-inte¬ 
grated,  standards-based  grid  infrastructure. 

First,  OASIS’ WSRF  technical  committee  must  finish  work  on  its  speci- 
fications.Then  these  specifications  must  be  ratified  and  adopted  broad¬ 
ly  by  grid  vendors,  including  the  Globus  Alliance,  which  provides  the 
industry’s  dominant  open  source  grid  tool  kit.  Other  grid  industry 
groups  must  coordinate  their  work  to  provide  comprehensive  grid  ref¬ 


Grid  not  ready  for  prime  time 


erence  models,  reference  implementations,  best  practices  guidelines 
and  interoperability  events.  All  this  could  take  two  to  three  years,  con¬ 
sidering  the  complexity  of  WSRF’s  diverse  specifications  and  the  need 
to  square  them  with  other  emerging  Web  services  standards  in  areas 
such  as  security  and  management. 

Furthermore,  platform  vendors  must  integrate  grid  features  and  stan¬ 
dards  natively  into  their  products.  Today  many  production  grids  are 
implemented  with  Globus’ open  source  tool  kit  or  with  point  products 
from  small  vendors.  Currently  some  platform  vendors  —  most  notably, 
HR  IBM,  Oracle  and  Sun  —  have  strong  grid  solutions  and  directions. 
But  several  other  important  platform  vendors  —  most  notably, 
Microsoft,  Novell  and  BEA  Systems  —  lack  grid  functionality  and  have 
yet  to  announce  commitments  to  grid-enable  their  products.  For  exam¬ 
ple,  grid  is  mentioned  nowhere  in  Microsoft’s  Longhorn  wave  for 
2006/2007;  consequently  the  vendor  probably  won’t  address  grid  in  its 
core  platforms  until  2009  or  2010  at  the  earliest. 

Finally, grid  won’t  truly  mature  till  it  breaks  out  of  its  traditional  niche: 
serving  the  massive  parallel  processing  needs  of  supercomputing  appli¬ 
cations  in  scientific  and  engineering  environments.  Grid  potentially 
could  be  used  to  scale  and  accelerate  all  manner  of  applications, 
including  search  engines  and  application,  database  and  mail  servers. 
Oracle  and  IBM  are  ahead  of  the  other  platform  vendors  in  this  regard, 
having  grid-enabled  their  respective  application  servers  and,  in  Oracle’s 
case,  its  database  and  portal  servers. 

For  the  rest  of  this  decade,  grid  computing  will  deepen  its  presence  in 
its  traditional  scientific  and  engineering  niche.  However,  grids  increas¬ 
ingly  also  will  penetrate  a  broader  range  of  commercial  environments, 
thanks  to  new  standards  and  vendors’  growing  commitment  to  this 
powerful  paradigm. 


Grid  computing 
won’t  be  ready 
for  enterprise 
prime  time  for 
another  three  to 
five  years,  at 
least. 


Kobielus  is  a  senior  analyst  with  Burton  Group,  an  IT  advisory  sewice 
that  provides  in-depth  technology  analysis  for  network  planners.  He  can 
be  reached  at  (703)  924-6224  or  jkobielus@burtongroup.com. 
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A  losing  battle 

Mark  Gibbs’  spyware  column  doesn’t  dis¬ 
cuss  the  many  legitimate  sites  that  aid 
scumware  vendors  in  their  endeavors  by 
bundling  spyware  on  downloads, 
or  hosting  ActiveX  or  Java  code 
that  exploits  visitors’  browsers. 

More  importantly,  many  of  these 
scumware  providers  are  violating 
federal  laws  and  exploiting  chil¬ 
dren  with  their  “products.” 

The  bundling  of  spyware  with 
other  products  has  gotten  to  the 
realm  of  the  absurd,  and  it  directly 
affects  everyone.  I  am  the  senior 
engineer  for  a  large  school  dis¬ 
trict,  and  spyware  is  one  of  our  top 
three  service  issues.  We  routinely 
see  hundreds  of  installed  mal¬ 
ware,  spyware  and  trackers  on  PCs 
in  the  school  district.  The  net 
effect  has  been  to  tie  up  our  sup¬ 
port  techs  in  trying  to  eliminate  or 
alleviate  spyware  infestations.  In 
particular,  some  of  the  newer  spy- 
ware  is  taking  on  virus-like  quali¬ 
ties  and  actively  tries  to  prevent 
removal  or  attempts  to  defeat  or  cripple 
anti-spyware  tools. 

The  biggest  problem  we  have  encoun¬ 
tered  is  the  “adware”  products  that  serve  up 
pop-up  windows.  We  have  seen  repeated 
instances  of  this  kind  of  scumware  serving 
up  pornography  which  is  particularly  dis¬ 
turbing  when  it  shows  up  on  computers 
serving  young  children.This  is  a  blatant  vio¬ 
lation  of  federal  and  local  pornography 
statutes,  but  little  is  being  done. 

We  now  have  to  maintain  a  blocklist  on 
our  primary  router  that  prevents  access  to 
thousands  of  sites  affiliated  with  these 
scumware  vendors. We  spend  a  significant 
amount  of  time  and  effort  to  prevent  and 
block  this  garbage, and  like  spam,  it’s  a  los¬ 
ing  fight. 

Michael  Dunne 
Senior  network  administrator 
Abilene  Independent  School  District 
Abilene, Texas 


Productivity  killer 

Spyware  is  one  of  the  most  pervasive  drags  on  productivity  that 
I  have  ever  seen.  I  am  baffled  as  to  why  anti-virus  vendors  con¬ 
sider  spyware  to  be  a  separate  topic;  they  could  kill  the  anti-spy- 
ware  software  market, yet  they  don’t. And  it  amazes  me  that  anti¬ 
spyware  vendors  don’t  charge  more  for  their  products. 

As  a  consultant  I  make  most  of  my  money  these  days  by 
removing  spyware  for  clients.  These  programs  slow  down  peo¬ 
ple’s  computers  and  sometimes  they  make  them  unusable,  yet 
the  anti-virus  vendors  seem  to  ignore  them.The  worst  problems, 
as  Mark  Gibbs  points  out,  are  with  Winsock  2  Layered  Service 
Provider,  which  most  Internet  users  eventually  will  encounter. 
(And  yes,  I  question  why  Microsoft  seems  to  ignore  the  problem 
that  it  has  created.) 

1  find  that  almost  every  client  PC  I  work  on  has  some  sort  of 
spyware  on  it.  By  removing  it,  I  can  almost  always  guarantee 
a  performance  improvement.  I  am  left  wondering  why 
Microsoft  has  provided  the  hooks  to  “drive-by”  software 
installs  in  the  first  place. 

Scott  Dennis 
Owner  and  consulting  engineer 
InfoTech  Alaska 
Anchorage 


problems  than  almost  any  other  “mal¬ 
function”  I  can  think  of.  I  have  a  sinking 
feeling  that  Gibbs’  estimate  of  spyware’s 
cost  to  an  organization  would  fall  short 
if  this  problem  were  to  be  investigated 
more  thoroughly 

John  Burr 
Systems  engineer 
MicroVantage 
Las  Vegas 

Inherently  evil 

The  main  reason  I  object  to  spyware  is 
that  I  didn’t  ask  for  it,  don’t  want  it  and 
believe  it’s  basically  evil.Yes,evil.If  I  met 
you  on  the  street  and  slipped  my  hand 
into  your  pocket  surreptitiously  retrieved 
your  wallet,  rummaged  around  and 
checked  out  your  driver’s  license,  credit 
cards,  photos,  notes,  concert  tickets  or 
whatever  else  you  had  in  there,  it  would  be 
a  crime.  Or  say  I  followed  you  around  day 
and  night,  watching  everywhere  you  went 
or  shopped.  Stalking.  A  crime,  even  if  I 
claimed  to  have  your  best  interests  in 
mind.  Even  if  all  I  did  was  use  the  informa¬ 
tion  I  gathered  to  “tailor”  my  sales  efforts  to 
offer  you  good  deals  on  products  and  ser¬ 
vices  1  felt  might  interest  you,  it  still  would 
be  a  crime.  Why  is  it  not  a  crime  when  the 
same  thing  happens  on  my  PC? 

My  organization  spends  a  fair  amount  of 
money  in  hardware  and  software  licensing 
costs  every  year  to  protect  our  network  and 
data.  We  don’t  treat  adware  any  differently 


JOHN  HERSEY 


Cost  even  higher 

The  increasing  presence  of  spyware  is 
almost  taking  on  a  life  of  its  own  among 
our  customers.  My  company  is  spending 
an  ever-increasing  amount  of  time  chasing 
down  and  eliminating  spyware  on  our 
customers’  PCs.  Just  recently  I  was  called 
to  a  site  where  one  PC  was  almost  unus¬ 
able.  The  main  user  had  applied  security 
patches  religiously  and  ran  a  virus  scan  on 
a  regular  basis;  unfortunately,  other  per¬ 
sonnel  had  access  to  the  machine  when 
he  was  not  present.  Pop-up  ads  were 
appearing  immediately  upon  logging  on 
to  the  PC  and  would  bury  the  screen  if 
Internet  Explorer  were  opened.  It  took 
over  four  hours  and  several  techniques, 
including  spyware  removal  software 
(more  than  one  program)  and  manual 
deletion,  to  regain  a  measure  of  control. 

Spyware  is  beginning  to  cause  more 


than  spam  and  viruses.  If  we  didn’t  ask  for 
it,  we  don’t  want  it,  and  it  has  no  business 
on  our  systems. 

Howard  Stewart 
Fbrtsmouth.Ohio 

A  form  of  hacking 

The  idea  that  spyware  is  legal  is  preposter¬ 
ous.  Every  bit  of  spyware  I  receive  is  done 
through  the  exploitation  of  a  security  hole, 
which  by  definition  is  a  form  of  hacking 
and,  as  such,  should  be  illegal  for  that  rea¬ 
son  alone.  In  addition,  the  way  it  installs 
could  classify  it  as  a  Trojan  horse  or  a 
worm/virus.  I  never  accepted  a  license 
agreement  that  installed  spyware;  all  my 
spyware  came  from  pushed  installs  by 
Web  sites. 

Most  people  whose  systems  are  crippled 
by  spyware  end  up  reformatting  their  hard 
drives,  not  realizing  that  their  systems  can 
be  recovered.This  stuff  is  bad.Very  bad.  But 
until  enough  people  complain  about  it,  it 
won’t  stop. 

Today  my  system  is  locked  down  so  tight, 
my  son  can’t  play  his  games  without  my 
explicit  permission.  I  load  the  game  up  for 
him  in  a  secured  environment,  so  even  if 
his  game  were  the  next  Michelangelo,  it 
would  be  harmless. 

Armand  Welsh 
Newport  Beach,  Calif. 

Winsock  LSP  fix 

I’m  the  network  administrator  for  the  inter¬ 
nal  network  of  a  local  cable  company  I 
became  involved  with  our  technicians  for 
installing  cable  modems,  and  the  main 
problem  we’re  experiencing  is  getting  cus¬ 
tomers  to  realize  that  they  have  adware/ 
spyware  on  their  computers. 

Through  several  hours  of  testing,  trou¬ 
bleshooting  and  trying  to  find  the  right 
combination  of  fixes'  to  speed  up  cus¬ 
tomers’  connections  and  sometimes  just 
get  them  connected,  the  following  steps 
have  proven  to  be  a  30-  to  60-minute  fix  for 
all  of  our  customers: 

•  Install  and  run  Ad-Aware  6.0  (check 
for  updates  first).  We  also  like  to  use 
Spybot  Search  and  Destroy,  but  Ad-Aware 
is  less  trouble  to  run  and  install  on  a  cus¬ 
tomer’s  PC. 

•  If  the  Internet  connection  is  suddenly 
destroyed  (Internet  Explorer  can’t  browse 
or  get  e-mail),  run  the  WinsockXPfix.exe 
found  at  www.tntmax.com/Download/ 
Software/WinsockXPFix.exe/view.  This  will 
fix  the  Winsock  files,  which  might  get  delet¬ 
ed  when  removing  spyware/adware. 

•  Go  to  www.pcpitstop.com  and  run  a 
free  test  on  your  system.  This  will  check 
your  PC  for  any  problems  you  might  be 
experiencing  and  provide  fixes  for  many 
of  them. 

Michael  Lesley 
Hannibal,  Mo. 


More  online! 


www.nwfusion.com  Find  out  what  readers  are  saying  about  these  and  other 

topics.  DocFinder  2125 


ADVERTISEMENT 


"We  have  a  motto  that  says  IT  will  not 
stand  in  the  way  of  what  the  business 
needs  tO  do."  —  Robert  Otto 


Robert  Otto 
CIO  and  CTO 

The  United  States  Postal  Service, 
Washington,  D.C. 

Robert  Otto  started  his  professional 
career  as  a  clerk.  Today  he  is  the  CIO  and 
CTO  of  the  United  States  Postal  Service®, 
which  processes  about  55  percent  of  the 
world's  daily  mail  volume.  Tasked  with 
reengineering  the  USPS's  technology 
infrastructure,  he's  led  an  effort  to  con¬ 
solidate  and  centralize  disparate  systems, 
standardize  tools  and  vendors,  upgrade 
the  network,  and  embrace  the  Web  and 
wireless  technology. 

Otto  and  his  team  have  built  an  advanced 
computing  environment  that  has  saved 
the  USPS®  some  $50  million  annually. 
More  than  30  Web-enabled  self-service 
applications  help  employees  manage 
items  such  as  health  benefits  and  life 
insurance,  as  well  as  training  on  demand. 

Last  year,  more  than  176  million  con¬ 
sumers  used  the  usps.com  website.  The 
USPS  also  introduced  a  hugely  popular 
desktop  service  called  Click-N-Ship®, 
which  allows  mailers  to  create  their  own 
shipping  labels. 

Great  Moment  at  Work:  "Seeing  the 
positive  impact  this  project  has  had  on  the 
employees  and  customers  of  the  USPS." 

Microsoft  Office  System  salutes  those 
who  have  done  great  work  in  the  IT  field. 


©  2004  Microsoft  Corporation.  All  rights  reserved.  Microsoft  and  the  Office  logo  are  either  registered  trademarks  or  trade 
marks  of  Microsoft  Corporation  in  the  United  States  and/or  other  countries.  The  names  of  actual  companies  and  products 
mentioned  herein  may  be  the  trademark  of  their  respective  owners. 
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IronPort  to  the  Email  Security  Rescue 

The  George  Washington  University  installs  IronPort  C-Series  appliances  to  halt  a  virus  onslaught. 


alk  about  your  close  call. 

Jeff  Baxter  doesn’t  like  to  think  about 
what  might  have  happened  if  The  George 
Washington  University  hadn’t  been  evaluating 
IronPort’s  email  gateway  appliance  when  the 
Netsky.T  worm  hit  in  early  April.  “We  normally  get  about 
400,000  messages  a  day,  a  maximum  of  500,000  if  a 

virus  hits,”  says  Baxter,  manager  _ 

of  Technology  Engineering  in 
GW’s  Information  Systems  and 
Services  department.  “During 
the  first  couple  of  days  of  the 
Netsky  infection,  we  were  get¬ 
ting  over  a  million  virus-infected 
emails  a  day." 

The  university  had  recently 
upgraded  its  central  email 
servers,  so  that  setup  was 
working  fine.  But  the  IT  group 
wasn’t  entirely  pleased  with  the  performance  of  the 
edge  email  servers  that  handled  incoming  message 
traffic  and  virus  scanning.  “We  were  already  using  the 
appliance  model  for  some  of  our  security  firewalls,  so 
we  thought,  why  not  use  it  for  edge  message  routing, 
anti-virus  and  maybe  anti-spam,"  Baxter  says. 

His  team  began  evaluating  several  such  devices  and 
was  particularly  impressed  with  IronPort’s  C-Series 
Messaging  Gateway.  The  C-Series  was  designed  from 
the  ground  up  to  handle  high-volume  email  traffic  while 
also  protecting  against  worm  and  virus  onslaughts  — 


While  the  old  edge 
servers  were  maxed  at 
100%  [CPU  utilization ], 
each  IronPort  appliance 
processed  all  mail  using 
only  10%  of  its  capacity. 


IronPort  helps 
GW  stem  the 
virus  tide 
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The  George  Washington  University  was  evaluating  the  IronPort 
C-Series  Messaging  Gateway  when  the  Netsky.T  worm  hit  in  April, 
crippling  its  mail  servers.  In  just  five  hours,  the  school  pressed 
the  IronPort  appliance  into  production  and  saw  edge  mail  server 
utilization  drop  from  100%  to  10%. 


without  bogging  down.  It  can  support  up  to  10,000 
simultaneous  connections,  with  performance  10  to  20 
times  faster  than  competitive  products  that  use  gener¬ 
al-purpose  operating  systems  and  hardware. 

GW’s  IT  staff  was  performing  an  evaluation  of  the 
IronPort  C-Series  when  Netsky.T  hit  like  a  ton  of  bricks. 
The  central  mail  system  managed  to  hold  its  own,  but 
_  the  edge  devices  were  over¬ 
whelmed. 

“CPUs  went  to  100%  utiliza¬ 
tion  and  stopped  accepting  or 
delivering  mail,”  Baxter  recalls. 
“Thousands  and  thousands  of 
messages  were  stuck  on  those 
machines.”  System  administra¬ 
tors  were  working  in  shifts 
around  the  clock,  but  “it  was  a 
losing  battle,  like  bailing  a  boat 
when  the  hole  is  bigger  than 
your  bucket,”  Baxter  says. 

The  IT  group  considered  adding  two  more  big  mail 
servers,  but  they  would  take  days  to  provision.  “And  we 
were  afraid  we’d  have  to  keep  adding  more,”  Baxter 
says.  Instead,  the  group  decided  to  step  up  its  evalua¬ 
tion  of  the  IronPort  appliances  by  putting  them  into  pro¬ 
duction  mode. 

With  the  help  of  a  technician  who  was  flown  in  by 
IronPort  overnight,  GW  got  two  boxes  up  and  running  in 
less  than  five  and  a  half  hours.  As  soon  as  the  IronPort 
gateways  were  online,  mail  starting  flowing  again.  While 
the  old  edge  servers  were  maxed  at  100%,  each 
IronPort  appliance  processed  all  mail  using  only  10%  of 
its  capacity. 

Since  then,  Baxter  says  the  university  has  had  no 
problems  with  traffic  spikes  or  virus  attacks. 
Furthermore,  his  group  is  using  the  C-Series’  integrated 
Sophos  anti-virus  software  and  IronPort  Mail  Flow 
Monitor  to  strengthen  defenses  against  future  attacks. 

“Mail  Flow  Monitor  lets  you  know  which  IP  addresses, 
both  internally  and  outside,  are  sending  the  most  mail,” 
Baxter  says.  “It  was  very  difficult  to  track  that  informa¬ 
tion  on  our  old  systems;  IronPort  gives  us  easy-to-read 
real-time  reports,  so  we  can  see  what’s  going  on.” 

Administrators  can  then  target  domains  and  user 
machines  that  are  sending  an  unusually  large  number 
of  messages  or  virus-infected  email.  Over  time,  such 
measures  will  make  the  university  network  less  vulner¬ 
able  to  attack,  while  cutting  down  on  bandwidth  and 
CPU  utilization. 

The  university  is  now  considering  taking  advantage  of 
other  features  enabled  by  IronPort’s  SMTPi  architec¬ 
ture.  They  include  IronPort’s  Reputation  Filters™  tech¬ 
nology  and  SenderBase™  reputation  database  that 
together  can  dramatically  curb  spam  by  identifying 
email  senders  and  assessing  their  past  behavior  (see 
story,  this  page). 

The  IT  staff  also  plans  to  install  two  more  C-Series 
devices  at  another  data  center  site.  GW  is  leading  the 
way  among  higher  educational  institutions  in  pursuing 
advanced  business  continuity  and  disaster  recovery  capa¬ 
bilities,  with  data  centers  in  D.C.  as  well  as  Virginia. 
Having  IronPort  devices  in  both  centers  will  help  GW  meet 
its  goal  of  eliminating  unscheduled  email  downtime. 


SMTPi:  A  Foundation 
for  Intelligent 
Email  Handling 

The  IronPort  Systems  family  of  messaging 
gateway  appliances  brings  security  and 
trust  to  email  by  implementing  the  com¬ 
pany’s  SMTPi  architecture. 

SMTPi  adds  a  crucial  “identity”  element  to  the 
Simple  Mail  Transfer  Protocol  (SMTP),  along  with 
reputation  and  policy  components.  SMTPi  first 
seeks  to  establish  the  identity  of  an  email 
sender  by  verifying  the  IP  address  of  the  sending 
message  transfer  agent  (MTA),  which  is  far  more 
difficult  to  forge  than  the  simple  return  address. 
Going  forward,  SMTPi  will  incorporate  additional 
identity  authentication,  including  emerging  sys¬ 
tems  from  Microsoft,  Yahoo!  and  others  that 
allow  companies  to  determine  which  mail 
servers  are  allowed  to 
send  email  using  a  par- 
a  ticular  domain  name. 
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Ultimately,  SMTPi  will  also  support  “universal” 
identity  systems  that  use  digital  certificates  to 
achieve  a  high  level  of  accuracy  in  identifying 
email  senders,  even  down  to  the  individual  level. 

Once  an  email  sender  has  been  accurately  iden¬ 
tified,  the  next  step  is  to  assess  his  email  histo¬ 
ry  or  reputation  using  IronPort’s  SenderBase, 
which  acts  like  a  credit  reporting  system  for  email 
senders.  SenderBase  (www.senderbase.org) 
monitors  various  factors  to  assess  the  reputation 
of  a  sender,  including  global  sending  volume, 
complaint  levels,  whether  a  sender’s  DNS 
resolves  properly  and  accepts  return  mail,  black¬ 
list  information  and  other  parameters. 
SenderBase  renders  a  statistical  score,  the 
SenderBase  Reputation  Score,  which  provides  an 
assessment  of  the  email  sender’s  reliability. 

The  SenderBase  Reputation  Score  enables 
email  administrators  to  create  policies  for  intelli¬ 
gently  handling  incoming  mail.  When  combined 
with  the  threat  prevention,  content  scanning, 
Brightmail-based  spam  detection  and  Sophos 
antivirus  capabilities  integrated  with  the  high-per¬ 
formance  IronPort  Messaging  Gateway  appli¬ 
ances,  SMTPi  provides  powerful  mail  handling 
capabilities. 


IRONPORT 

Powerful.  Reliable.  Secure. 


Learn  more  about  SMTPi 
and  IronPort  appliances 

Download  the  white  paper,  “SMTPi:  An  Email 
Security  Architecture,”  as  well  as  data  sheets  on 
IronPort’s  family  of  Messaging  Gateway  Appliances. 

Visit:  www.ironport.com/future 
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VoIP  security  wares 


Breaking  through  IP  telephony 

In  tests,  Avaya  and  Cisco  attempt  to  strut  VoIP  security  stuff. 


work  and 


■  BY  EDWIN  MIER,  RANDALL  BIRDSALL  AND  RODNEY  THAYER,  NETWORK  WORLD  LAB  ALLIANCE 

an  you  hacker-proof  your  IP  telephony  network?  The  short  answer  —  as  demon¬ 
strated  in  the  first-ever  public  test  on  this  topic  —  is: Yes,  pretty  much.  But  it  strongly 
depends  on  whose  IP  PBXyou  use  and  more  importantly,  whether  you’re  willing  to 
spend  the  dollars  and  the  time  it  takes  in  terms  of  network  security  planning,  net- 
personnel  resources,  and  extra  security  gear. 


In  our  tests,  we  developed  a  plan  for 
realistically  assessing  how  secure  ven¬ 
dors’  IP  telephony  packages  are  —  or 
aren’t  —  against  a  determined,  malicious 
attacker.  While  we  invited  the  top  five 
vendors  by  VoIP  market  share  to  partici¬ 
pate,  only  Cisco  and  Avaya  stepped  up  to 
the  challenge. 

Cisco’s“maximum-security” VoIP  config¬ 
uration  —  a  midsize  CallManager-based 
system, with  call  control,  voice  mail, gate¬ 
way;  a  Catalyst  4500-  and  6500-based 
Layer  2/Layer  3  infrastructure;  a  copious 
supply  of  intrusion-detection  system 
(IDS)  and  PIX  firewall  security  add-ons; 
plus  a  half-dozen  Cisco  security  gurus 
supporting  the  test  —  earned  our  most 
Secure  rating  (see  rating  criteria,  below). 
Our  attack  team  couldn't  disrupt, or  even 
disturb,  Cisco’s  phone  operations  after 
three  days  of  trying. 

Avaya  submitted  two  configurations:  A 
no-frills,  out-of-the-box  Avaya  IP  tele¬ 
phony  deployment  with  no  extra-priced 
security  options;  and  a  maximum-secu¬ 
rity  alternative  —  featuring  the  same 

VoIP  security  rating  scale 


Overall 

rating 

Maximum  impact 
that  assault  team 
could  achieve 

Secure 

No  perceptible  dis¬ 
ruption  to  voice  service. 

Resistant 

Only  minor  and/or 

temporary 

disturbance(s). 

Vulnerable 

Phone  service  affect¬ 
ing  many  phone  users 
could  be  disrupted  for 
a  protracted  period,  via 
a  sophisticated  or 
coordinated  attack. 

Open 

Phone  service  affect¬ 
ing  most  phone  users 
could  be  significantly 
disrupted,  indefinitely, 
via  a  fairly  straight¬ 
forward  assault 

Unsecure 

Phone  system  or  ser¬ 
vice  affecting  all  users 
could  be  readily  and 
indefinitely  disabled. 

VoIP  gear,  but  with  an  added  firewall 
and  Layer  2/Layer  3  infrastructure 
switches  from  Extreme  Networks.  Secur¬ 
ity  weaknesses  earned  the  basic  Avaya 
configuration  a  so-so  Vulnerable  rating, 
while  the  hardened  package  fared  bet¬ 
ter  with  an  overall  Resistant  rating. 

The  ground  rules  (see  page  84) 
imposed  some  limitations  on  the  four- 
member  assault  team.  For  example,  only 
hacker  tools  and  attacks  that  were  avail¬ 
able  on  the  Internet  could  be  used. 
Attacks  had  to  be  launched  via  an  end- 
user  data  port  or  IP  phone  connection, as 
if  the  hacker  had  access  to  a  standard 
office  cube;  attackers  could  not  disas¬ 
semble  or  dissect  the  vendor’s  IP  phone 
—  and  so  on. 

The  objective  was  to  disrupt  phone 
communications.  Via  the  data  and  IP 
phone  connections,  the  attack  team  used 
scanning  tools  and  other  techniques  to 
see  and  learn  what  they  could  of  the 
topology  The  attack  team  was  told  noth¬ 
ing  of  the  vendor’s  configuration  before¬ 
hand.  After  discerning  and  identifying 
“targets,”  the  hackers  then  systematically 
launched  dozens  of  attacks,  at  times  in 
combinations  concurrently 

Given  the  limits  set  by  our  ground  rules 
and  the  duration  of  the  tests,  it  is  impor¬ 
tant  to  note  that  the  attacks  launched 
against  these  products  are  not  as  severe 
as  those  that  could  be  encountered  in  an 
actual  deployment.  We  consulted  with  a 
half-dozen  security  experts  regarding 
these  attacks,  and  they  concluded  that 
the  attacks  were  of  moderate  intensity 

We  will  not  disclose  in  this  story  com¬ 
plete  details  of  vendors’ specific  vulnera¬ 
bilities  uncovered  and  exploited,  so  as 
not  to  put  customers  using  these  prod¬ 
ucts  at  risk.  These  exploits  are  therefore 
discussed  in  general  terms. 

Like  a  rock 

Cisco  proved  it  could  build  a  VoIP  net¬ 
work  that  a  sophisticated  hacker  assault 
team  could  not  break  or  even  noticeably 
disturb. The  elaborate  IP-telephony  pack¬ 
age  —  with  underlying  Layer  2  and  Layer 
3  infrastructure  and  assorted  security 
add-ons  (see  “Cisco  maximum-security 


Cisco  maximum-security  VoIP  topology 

Key  security  components 


VoIP  infrastructure 


CiscoWorks 
2000  and 
other 

management 
and  utility 
servers 


Network 

infrastructure 

Cisco  PIX 
firewall 


Cisco 
3725 
Layer  2/ 
Layer  3 
switch 
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Cisco  Call 
Manager 
4.0 

Cisco 

Unity 

voice 

mail 

(fps 

Cisco  Security  Agent  integrated  on 
all  servers. 

Firewall-protected,  out-of-band 
management  access  to  all  servers 
and  infrastructure  boxes. 

Aggressive  monitoring  of  security 
related  events. 


Cisco  Catalyst  6500 


•  Built-in  denial-of-service  protection 
in  Catalyst  10S,  including  rate- 
limiting. 

•  Dynamic  Address  Resolution 
Protocol  Inspection;  other  attack 
suppression  in  Catalyst  IOS. 

•  Multiple  firewalls  at  strategic 
locations. 

•  Separate  voice  and  dataVLANs 
throughout. 


User 

access 

(office 

cube) 


Desktop  or 
laptop  PC 


5]  Cisco  7960  and 
7970  IP  phones 

Desktop  or 
laptop  PC 


Certificate-authenticated,  encrypted 
VoIP  call  control  and  signaling. 

Media  (VoIP  Real-timeTransfer 
Protocol  stream)  encryption  on  7970 
IP  phone. 

Local  IP  phone  administrative. 
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topology/’  above)  —  is  the  most  secure 
that  Cisco’s  collective  network  security 
expertise  could  muster,  and  employs 
every  defensive  weapon  in  the  Cisco 
arsenal. 

The  Cisco  topology  tested  certainly  rep¬ 
resents  more  security  options  and  stricter 
security  settings  than  most  users  current¬ 
ly  employ  but  all  are  available  today  for 
a  price.  The  optional  components  in¬ 
cluded:  two  stand-alone  PIX  firewalls 
(about  $8,000  each);  another  firewall  on 
a  blade  in  the  backbone  Catalyst  6500 
(about  $35,000);  an  IDS  blade  also  in  the 
6500  (about  $30,000);  an  entirely  sepa¬ 
rate,  out-of-band  management  subnet 


and  various  security-management  appli- 
cations.The  price  for  the  firewall  and  IDS 
pieces  came  to  slightly  more  than 
$80,000.  Cisco  says,  though,  that  it  threw  | 
in  systems  that  it  could  readily  get  its  jj 
hands  on, and  that  the  same  job  could  be  J 
done  with  less-expensive  firewall  and  IDS  \ 
models  from  Cisco. 

The  firewalls  brought  some  very  useftT 
high-level  security  features  to  the  table 
One  is  the  notion  of  trusted  vs.  untrusted  \ 
sides  —  and  the  untrusted  interfaces 
were  always  pointed  toward  our  hacker 
Another  is  a  stateful  understanding  e 
protocols,  so  that  only  specific  VoIP  p; 
tocols  required  for  VoIP  were  allowe 
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Clear  Choice  Test 


with  requests  and  responses  passing  only 
in  the  appropriate  directions.  Other  firewall 
features  that  came  into  play  during  this  test 
included: 

•  Stateful  inspection  of  VoIP  call  control, 
and  the  ability  to  network  address  transla¬ 
tion  and  tunnel  call  control  through  the 
firewall. 

a  TCP  intercept,  which  makes  sure  TCP 
connections  are  completed.  This  can  pre¬ 
vent  certain  denial-of-service  (DoS)  as¬ 
saults  on  the  CallManager. 

@  Secure  Skinny  Call-Control  Protocol 
(Secure  SCCP)  support. This  is  the  newer, 
more  secure  form  of  Ciscos  proprietary 
SCCP  that  the  company  used  in  this  VoIP 
network.  Secure  SCCP  uses  a  TCP  con¬ 
nection  rather  than  User  Datagram 
Protocol  (UDP)  and  encrypts  call  control 
information. 

Enter  CallManager 

Version  4.0  of  CallManager,  which  han¬ 
dles  call  control  and  is  the  heart  of  Ciscos 
IP  telephony  package,  includes  some  new 
security-related  features.  Key  among  them 
is  the  company’s  first  VoIP  encryption 
implementation.  At  this  time  voice-stream 
(Real-time  Transfer  Protocol  [RTP])  en¬ 
cryption  is  supported  only  on  Cisco’s 
newer  7970  IP  phone  sets.  The  latest  Call- 
Manager  also  has  been  additionally  hard¬ 
ened,  along  with  the  underlying  Windows 
2000  operating  system,  according  to 
Cisco.  For  our  tests,  this  meant  that  open 
ports  were  closed  and  unnecessary  ser¬ 
vices  disabled. 


An  impressive  array  of  network  self- 
defense  features  is  included  in  the  Catalyst 
10S  versions  tested.  Specifically  we  had  10S 
12.2(1 7b)sxa  on  a  core  Catalyst  6500,  and 
IOS  12.1(20)ew  on  an  access  Catalyst  4500. 
These  capabilities  did  more  to  thwart  our 
assaults  than  any  other  component  in  the 
Cisco  topology  because  they  were  the  first 
line  of  defense. They  include: 

•  Traffic  policing  and  committed  access 
rate,  which  were  very  successful  in  fending 
off  our  DoS  assaults. 

•  Layer  2  port  security  which  restricts  the 
number  of  media  access  control  (MAC) 
addresses  on  a  port. 

•  Layer  2  Dynamic  Host  Configuration 
Protocol  snooping,  which  prevents  dynam¬ 
ic  host  configuration  protocol  exhaustion 
attacks. 

•  Dynamic  Address  Resolution  Protocol 
inspection,  which  stops  ARP  poisoning  and 
ARP  spoofing  attacks.  This,  too,  frustrated  a 
number  of  our  attack  team’s  more  insidious 
assaults. 

•  IP  Source  Guard,  which  prevents  imper¬ 
sonation  attacks. 

•Virtual  LAN  (VLAN)  access  control  lists, 
which  restrict  the  traffic  that  can  reach  IP 
phones. 

Cisco  Security  Agent  (CSA)  is  a  host- 
based  intrusion-prevention  system  (IPS), 
and  is  now  an  integral  security  component 
in  CallManager  IP  telephony  servers.  It  was 
also  on  Cisco’s  Unity  voice  mail  server  and 
all  other  Win  2000  servers  (seven  CSA 
agents  in  all)  deployed  throughout  Cisco’s 
network  topology.  The  CSA  agent  runs 


automatically  and  unattended,  and  pro¬ 
vides  some  powerful  safeguards  at  the 
server,  including: 

•  Buffer  overflow  protection,  which  pro¬ 
tects  the  server’s  protocol  stack  from 
attacks  involving  malformed  data  packets. 

•  Network  worm  and  Trojan  prevention 
(not  tested). 

•  Prevention  of  unauthorized  application 
from  running. 

•  Protection  against  synflood  attacks  —  a 
family  of  DoS  attacks  against  the  server’s 
TCP  processing. 

•  Detection  of  port  scans,  which  all  hack¬ 
ers  employ  to  determine  vulnerabilities 
based  on  a  server’s  responses  to  specific 
services  and  port  numbers. 

Bottom  line 

After  three  days,  the  attack  team  could 
not  find  a  perceptible  disruption  to  phone 
communications.  We  only  had  two  minor 
concerns  about  the  Cisco  system  as  tested. 

First,  our  hackers  could  readily  insert  a 
passive  probe  into  an  IP  phone  station  con¬ 
nection.  From  that  vantage  point  they 
could  observe  and  collect  full  traffic  details 
—  protocols,  addresses,  and  even  capture 
RTP  which  is  the  VoIP  protocol  that  runs 
above  UDP  and  carries  all  voice  samples  in 
all  VoIP  systems.VoIP  streams  to/from  Cisco 
7970  phones  can  be  128-bit  encrypted, 
however.  Our  hacker  team  readily  acknowl¬ 
edged  that  it  could  not  hope  to  decrypt 
those  streams. 

Second,  with  the  network  information 
collected  via  the  inserted  probe,  the  hack¬ 
ers  could  insert  their  own  computer,  gain 
access  to  the  voice  virtual  LAN  and  send 
traffic  to  other  devices  on  the  VLAN.  They 
could  not  impersonate  an  IP  phone  or 
spoof  an  IP  phone  call,  however.  With  all 
the  other  controls  in  place,  they  could  not 
further  exploit  the  system. 

Achieving  what  Cisco  did  —  orchestrat¬ 
ing  effective  security  across  so  many  layers 
and  platforms  —  is  no  mean  feat.  The  sub¬ 
tle  inter-relationships  and  correct  setup  of 
all  these  security  pieces  is  daunting.  But 
despite  all  the  Cisco  security  experts  on 
hand  to  tune,  monitor  and  configure  the 
various  systems,  we  still  uncovered  config¬ 
uration  problems. 

One  of  the  firewalls  as  configured  by 
Cisco  was  passing  no  traffic  in  either  direc¬ 
tion  —  which  might  be  secure,  but  not  very 
practical.  Also  a  vulnerable  service  mistak¬ 
enly  was  left  running  on  one  node.  While 
these  things,  and  others,  were  promptly 
fixed,  the  point  is  that  even  the  best-laid 
security  plan  can  be  affected,  even  com¬ 
promised,  because  of  improper  or  incor¬ 
rect  settings. 

Avaya,  Part  one 

The  first  configuration  Avaya  submitted 
for  security  assessment  had  a  minimal  net¬ 
work  infrastructure  (see  “Avaya  no-frills  VoIP 
security  topology’ left).  In  fact,  there  was  no 
Layer  3  network  infrastructure  at  all.  All  IP 
communications  traversed  a  single,  flat, 
switched  Layer  2  network,  segregated  into 
two  isolated  VLANs,  one  for  voice  and  the 
other  for  data.  No  firewalls  were  employed. 


/  \ 

Ground  rules  for  VoIP 
security  testing 

Before  the  test,  these  ground  rules 
were  adopted  as  a  means  of 
setting  a  level  playing  field  for 
consistent  testing  practices 
across  all  vendors  tested. 

1. The  vendor  has  complete  control  over 
the  IP  telephony  environment  and 
underlying  network  infrastructure  — 
which  products  to  include  and  how 
everything  would  be  configured. 

2.  A  midsize,  local-only  VoIP  environ¬ 
ment  (campus  or  building)  would  be 
simulated.  NoVolP  traffic  would  be 
carried  via  WAN  between  remote, 
distributed  locations. 

3.  After  setup,  IP  telephony  and  Layer 
2/Layer  3  data  networking  could  not  be 
functionally  limited  because  of  security 
settings,  including  normal  IP  phone 
calling  out  to/from  the  PSTN. 

4.  After  setup,  vendors  could  not 
actively  manipulate  or  reconfigure  their 
network.They  could,  however,  continue 
to  passively  monitor  security  alert/ 
alarm  logs. 

5.  Assaults  would  all  be  attempted  via 
these  specific  attack  points: 

a.  Via  an  "office-cube"  data-LAN  port, 
which  the  assailant  can  legitimately 
access  (for  example  a  valid  MAC 
address). 

b.  Via  an  “office-cube"  IP  phone, 
which  the  assailant  is  authorized  to 
use,  including  the  "data  switch  port” 
on  the  back  of  the  phone,  fora  desktop 
or  laptop.These  scenarios  represent 
typical  “insider-attack”  scenarios. 

6.  All  assaults  would  employ  or  be 
based  on  tools  and  attacks  that  are 
publicly  available  via  the  Internet.  No 
new  programming  or  other  unique  or 
custom  attacks  could  be  applied. 

7.  Assailants  could  not  procure  or 
disassemble  and  dissect  a  vendor  IP 
hard  phone. 

v _ ’ _ ■  J 

Despite  this  minimal  network  infra¬ 
structure,  the  Avaya  VoIP  package  does 
feature  various  inherent  security  mecha¬ 
nisms.  Consider  the  VoIP  infrastructure, 
for  example: 

•  Call  control,  in  the  form  of  a  set  of 
redundant  S8700  Media  Servers,  connect 
the  call  control  to  a  private  LAN,  which  iso¬ 
lates  and  insulates  them  from  the  produc¬ 
tion  network.The  servers  connect  only  to  a 
specialized  IP  System  Interface  module, 
running  Version  5  housed  in  the  G650 
Media  Gateway  chassis. 

•  Voice  mail  connects  via  analog  trunks, 
which  Avaya  says  is  a  plus  when  there  are 
problems  with  or  threats  promulgating 
from  the  IP  network.  Even  if  all  phones  are 
IRcalls  still  can  be  received  from  the  public 
switched  telephone  network  and  routed  to 
voice  mail,  regardless  of  the  state  of  the  IP 
network. 

•  Rather  than  connect  via  the  Internet, 
Avaya  endorses  a  secure-modern  connec¬ 
tion  for  remote  diagnostics  and  testing.  But 

See  VoIP,  page  86 
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while  this  certainly  avoids  IP-based 
assaults,  it  hardly  represents  the  state  of  the 
art  in  data  networking  or  security. 

«  System  software  uploads  involve  a  two- 
step  process: The  administrator  downloads 
new  software  onto  a  laptop  and  then 
uploads  the  software  from  the  laptop  into 
the  call-control  system. 

However,  the  Avaya  topology  call-control 
information  is  not  encrypted,  and  the  pass¬ 
words  used  for  IP  phone  authentication  are 
not  very  strong. 

The  Avaya  Cajun  P333  switch  does  offer 
some  security  features.  Those  applied  in 
our  test  environment  were: 

«  For  port  security  the  administrator  can 
lock  down  the  port  to  one,  two  or  three  MAC 
addresses,  once  the  switch  has  learned  the 
MAC(s).  This  was  applied  in  our  environ¬ 
ment,  locking  the  switch  port  to  one  MAC.  If 
a  user  moves  with  his  PC  to  another  loca¬ 
tion  and  switch  port,  the  administrator  has 
to  manually  release  and  then  relock  the 
switch  ports.  But  because  we  readily  could 
observe  and  record  traffic  on  our  data  and 
voice  links,  we  could  have  our  hacker  com¬ 
puter  use  a  legitimate  MAC  address.  The 
switch  never  knew  the  difference. 

•  Management-access  restrictions, 
such  as  closing  out  all  IP-based  manage¬ 
ment  access  to  the  switch  (Web  and 
Telnet),  allow  access  only  via  the  serial 
console  port. 

•  SNMP  traps  can  be  issued  for  VLAN  vio¬ 
lations  and  for  any  configuration  changes. 

Our  hackers  learned  quite  a  bit  by  query¬ 
ing  Avaya’s  IP  phones  via  SNMP  using  the 
universal  default  SNMP  community  name 
“public.”  But  the  phones  could  not  be 
reconfigured,  disabled  or  otherwise  exploit¬ 
ed  via  SNMP  sets  (writes). 

Bottom  line 

Two  of  our  attack  teams  main  penetra¬ 
tion  and  surveillance  tricks  that  were  suc¬ 
cessful  in  getting  into  the  Cisco  system 
worked  equally  well  in  this  Avaya  environ¬ 
ment.  The  hackers  could  readily  insert  a 
passive  probe  into  an  IP  phone  station 
connection,  and  observe  and  collect  full 
traffic  details.  VoIP  streams  to/from  the 
Avaya  4620  IP  phones  also  were  encrypt- 
ed.The  hackers  also  could  insert  their  own 
computers,  gain  access  to  the  voice  VLAN 
and  contact  other  devices  on  the  VLAN  — 
but  could  not  impersonate  an  IP  phone  or 
spoof  an  IP  phone  call. 

The  attack  team  then  uncovered  two 
serious  vulnerabilities  that  could  be  ex¬ 
ploited  to  disrupt  voice  communications. 

One  particularly  effective  attack  in¬ 
volved  just  the  IP  phones.This  was  a  fairly 
sophisticated,  two-step  assault.  By  sending 
a  high  rate  of  a  particular  traffic  type  to  an 
IP  phone  for  a  few  minutes,  the  phone  in 
many  cases  would  reboot.  Rebooting 
made  the  phone  susceptible  to  the  sec¬ 
ond  part  of  the  assault,  delivery  of  a  hand¬ 
ful  of  special  packets,  which  disabled  the 
phone  for  20  minutes.  Many  phones  could 
be  disabled  in  this  manner,  one  at  a  time. 


By  repeating  the  part-two  packet  stream 
during  the  20-minute  period,  affected 
phones  could  be  disabled  indefinitely 

Other  vulnerabilities  were  exposed,  too, 
but  time  did  not  permit  them  to  be  fully 
exploited.  One  of  these  is  that  the  switch 
data  port  on  the  back  of  Avayas  IP  phone 
accepts  and  passes  user  traffic  with  VLAN 
tags  appended. This  makes  the  hacker’s  job 
easier.  For  example,  the  hacker  computer 
could  then  plug  in  the  back  of  the  phone 
and  start  sending  spoofed  voice  traffic  — 
with  the  appropriate  voice-VLAN  tag;  you 
don’t  even  need  to  unplug  the  phone. 

We  also  observed  that  certain  traffic 
types  sent  to  particular  ports  on  the  call- 
control  equipment  could  increase  the 
time  it  takes  for  calls  to  be  processed.  And 
in  the  hacker  world,  if  you  can  cause  it  to 
slow  down,  it  indicates  a  vulnerability  that 
you  can,  with  enough  time,  exploit  to  gum 
up  the  whole  works. 

Avaya,  Part  two 

Avaya  took  home  the  lessons  it  learned 
from  the  first  round  and  returned  with  a 
more  hardened,  more  secure  configura¬ 
tion  (see  “Avaya  maximum-security  topol¬ 
ogy  right). 

Officially,  Avaya  says  its  IP-telephony 
package  is  switch-agnostic,  with  regard  to 
the  Layer  2  and  Layer  3  equipment  that 
underlies  the  VoIP  infrastructure.  So  the 
Avaya  Cajun  P333  switch  employed  in  the 
first  test  round  was  replaced  in  the  second 
round  with  Layer  2/Layer  3  switches  from 
Extreme,  with  which  Avaya  partners. 

The  key  new  components,  all  additions 
to  the  network  infrastructure,  included:  an 
Avaya  SG208  Security  Gateway  ($15,000); 
an  Extreme  Summit  30CM8  Layer  2/Layer  3 
switch  ($8,000);  and  an  Extreme  Alpine 
3804  Layer  3  switch  ($10,000).  The  Avaya 
VoIP  equipment  was  unchanged.  In  fact, 
the  same  software  loads  were  run  in  this 
retest,  for  the  Avaya  S8700,  the  G650  Media 
Gateway,  the  Control  LAN  (CLAN)  and 
media  processing  modules,  and  even  the 
same  IP  phone  firmware  release.  The 
CLAN  module  ran  firmware  Version  9;  the 
media  processing  module  ran  firmware 
Version  75,  and  the  IP  phone  ran  Version 
2.0  firmware. 

The  Avaya  Cajun  P333  switch  used  in  the 
first  round  was  replaced  with  Summit  300- 
48.  So,  the  frills  necessary  to  shore  up 
Avaya’s  security  story  in  the  second  test 
round  amount  to  about  $30,000. 

Architecturally,  the  addition  of  Layer  3  IP 
routing  and  other  key  configuration 
changes  prevented  the  type  of  attack  that 
was  developed  in  the  first  test  round, 
where  a  rogue  hacker  computer  directly 
assaulted  other  IP  phones. 

The  changes  that  enhanced  security 
were: 

•  Rate  limiting  of  IP  traffic  by  the  Summit 
switch  prevented  anyTCPUDP  or  broadcast 
packet  stream  from  exceeding  1 M  bit/sec. 

•  Individual  VLANs  per  IP  phone  port 
were  set  up.  An  IP  phone  cannot  directly 
assault  another  IP  phone  if  it  is  on  a  dif¬ 
ferent  VLAN.  Then  any  traffic  between 
phones  has  to  be  routed.  And  then  it  can 


be  examined,  blocked  by  protocol,  even 
rate-limited,  as  noted.  Managing  per-port 
VLANs  also  can  be  an  administrative 
nightmare,  especially  when  IP  phones 
number  several  hundred  or  more.  So  the 
scalability  of  this  approach  in  large  VoIP 
deployments  is  dubious. 

•  A  process  Avaya  calls  “shuffling”  is  dis¬ 
abled.  Shuffling  is  the  ability  of  an  IP  phone 
to  directly  exchange  RTP  voice  streams 
with  another  IP  phone.  With  shuffling  dis¬ 
abled,  all  VoIP  streams  must  pass  through 
the  media  processing  module.  So  disabling 
shuffling  provides  for  good  control  and  net¬ 
work  security,  but  it  makes  the  media  pro¬ 
cessing  module  a  bottleneck.  An  Avaya 
source  says  a  media  processing  module 
can  handle  up  to  about  64  concurrent 
calls.  So  the  scalability  of  this  approach  is 
questionable. 

The  Extreme  Alpine  can  restrict  traffic  it 
passes  to  known  IP  phone  MAC  addresses. 
That  means  a  hacker  has  to  spoof  a  legiti¬ 
mate  IP  phone’s  MAC  address  to  send  traf¬ 
fic  through  the  Alpine.That  is  exactly  what 
our  attack  team  did. The  passive  monitor¬ 
ing  insert  cable  our  team  developed  lets 
all  active  network  addresses  be  seen  and 
captured,  even  in  this  hardened  Avaya 
configuration. 

The  SG208  firewall  was  configured  to  let 
only  traffic  of  specific  ports  pass  to  and 
from  the  call-control  equipment. Only  traffic 
within  a  narrow,  specific  UDP  port  range 
was  allowed  to  pass  to  the  media  process¬ 


ing  module,  and  only  the  ports  and  proto¬ 
cols  associated  with  Avaya’s  H.323-based 
call-control  signaling  were  passed  to  the 
CLAN  module.  It  didn’t  take  the  hackers 
long,  with  straightforward  techniques,  to  fig¬ 
ure  out  which  ports  were  open.  Their  sur¬ 
veillance  confirmed  that  call  processing 
was  H.323,and  that  meant  certain  ports  had 
to  be  in  use.  And  using  borrowed  real- 
phone  IP  identities,  they  were  able  to  con¬ 
tact  the  call-control  infrastructure  and  get 
responses. 

It  is  not  necessary  to  emulate  all  aspects 
of  a  legitimate  IP  phone’s  operation,  or 
even  to  know  its  password,  for  example,  to 

See  VoIP,  page  88 


VoIP  security  special  report 


■  Miercom's  recently  released  spe¬ 
cial  report  2004:  A  VoIP  Security 
Assessment  includes  detailed  infor¬ 
mation  on  VoIP  vulnerabilities  over 
all,  attack  scenarios  and  how  to  best 
defend  against  them.  In  addition, 
Miercom's  program  of  IP  telephony 
and  VoIP  security  testing  is  ongoing. 
Find  out  about  the  latest  tests  and 
results,  including  re-tests  of  vendors 
that  have  patched  and  otherwise 
addressed  previously  exposed  vul¬ 
nerabilities  as  reported  at  www.nw 
fusion.com,  DocFinder.  2124. 
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penetrate  the  call-control  infrastructure. 
Full  emulation  of  an  IP  phone’s  password, 
protocols  and  packet  streams  is  necessary 
to  place  an  unauthorized  phone  call.  But 
most  hackers  have  more  sinister  objectives. 


Bottom  line 

As  in  the  first  Avaya  test  and  the  Cisco 
test  before  that,  the  attack  team  readily 
could  insert  its  passive  probe  into  an  IP 
phone  station  connection,  and  observe 
and  collect  full  traffic  details  but  not  deci¬ 
pher  the  encrypted  voice  streams. 

Similarly,  with  the  network  information 


they  collected,  the  hackers  successfully 
could  insert  their  own  computer  and  — 
using  the  MAC,  IP  and  VLAN  tag 
of  a  legitimate  IP  phone  —  gain  access 
to  the  voice  infrastructure  and 
contact  other  devices  within  the  VoIP 
infrastructure. 

The  attack  that  worked  in  the  previous 


test  round  against  other  IP  phones  no 
longer  worked  with  this  Avaya  configura¬ 
tion.  But  the  attack  team  did  turn  up 
another  vulnerability.  By  issuing  a  very  low 
volume  of  packets,  using  a  specific  proto¬ 
col  and  port  to  the  call-control  equip¬ 
ment,  IP  phones  could  be  prevented  from 
registering.  In  normal  circumstances  this 
would  affect  just  a  small  number  of 
phones:  An  IP  phone  registers  only  when 
it’s  first  plugged  in. 

So  unless  a  phone  was  moved  or 
unplugged,  it  normally  wouldn’t  need  to 
re-register.  Still,  phones  could  be  pre¬ 
vented  from  registering  for  as  long  as  the 
very  low-volume  traffic  stream  contin¬ 
ued  to  be  sent  to  the  call  controller. 

Avaya  determined  that  a  software  patch 
to  its  call-control  software  was  necessary 
to  address  this  vulnerability  The  company 
committed  to  fixing  the  problem. 

In  the  final  analysis,  and  given  the  rela¬ 
tively  minor  nature  of  this  security  hole,  we 
gave  Avaya  an  overall  resistant  rating  for 
this  maximum-security  configuration. 

Conclusion 

Our  findings  underscore  a  tenet  of  net¬ 
work  security:  Effective  security  has  to 
address  all  layers.  Cisco  applied  effective 
measures  at  Layers  2  and  3  (Catalyst 
switches),  Layers  4  and  5  (firewalls  and 
IPS),  Layer  6  (RTP  voice  stream  encryp¬ 
tion,  still  limited  to  certain  phones, 
though),  and  Layer  7  (with  server-based 
software  such  as  the  Cisco  Security 
Agent). 

The  first  Avaya  configuration  had  limited 
Layer  2  defenses  and  very  few  defenses  at 
Layers  3  and  above,  except  for  Layer  6.  To 
its  credit,  Avaya  does  have  good  RTP 
encryption  (Layer  6)  support  on  all  its 
phones.  Avaya’s  hardened,  maximum- 
security  configuration  addresses  Layers  3, 
4  and  6  more  effectively  but  still  left  some 
holes. 

VoIP  security,  spawned  by  the  popularity 
and  proliferation  of  IP  telephony,  is  a  criti¬ 
cal  issue,  and  we  challenge  other  IP  tele¬ 
phony  providers  to  throw  their  hats  into 
the  ring. 
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Morrison  &  Foerster,  NetsEdge,  Pobox,  PGP,  Scalix,  Sendmail,  Symantec,  TRUSTe,  Unica,  VeriSign,  Yahoo! 


REGISTER  TO 


www.etcevent.com 
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PALACE  HOTEL,  SAN  FRANCISCO 
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Don’t  blame  the  network 

Testing  software  before  a  rollout  helps  curtail  finger-pointing  about  poor  performance. 


■  BY  LINDA  LEUNG 

It’s  all  too  easy  for  users  to  blame  the  infrastructure  when  their 
access  to  corporate  servers  is  slow.  This  is  such  old  hat  that  at  a 
recent  company  meeting,  the  network  professionals  at  apparel 
retailer  Gap  showed  off  their  own  tongue-in-cheek  creation  — 
a  song  called  “Blame  the  darn  network.”  In  turn, 
the  network  folks  often  blame  the  applica¬ 
tion  developers  for  building  code  that 
hogs  bandwidth  and  makes  every¬ 
thing  else  run  like  a  dog. 

“The  complexity  of  applications  is  grow¬ 
ing,  and  developers  tend  [not  to]  under¬ 
stand  the  nuances  of  application  behav¬ 
ior  in  the  real  world.  Now  so  many  appli¬ 
cations  are  mission-critical  and  IT  oper¬ 
ations  are  having  to  do  more  with 
fewer  people  —  this  is  putting  tremen¬ 
dous  pressure  on  the  [network  opera¬ 
tions  center]  guys,”  says  Dave 
Danielson,  CEO  of  performance  man¬ 
agement  vendor  Altaworks. 

Too  often,  software  is  tested  in  the 
confines  of  the  software  lab  but  not  in 
the  real  world,  where  multiple  networks, 
servers  and  clients  could  introduce  sce¬ 
narios  that  the  application  might  not  have 
been  built  to  overcome. 

The  problem  also  could  be  cultural, 

Danielson  says.  Developers  strive  to  write  soft¬ 
ware  quickly  and  efficiently,  whereas  the  opera¬ 
tions  folks  ensure  the  infrastructure  is  well  managed 
and  performs  well.  If  their  motives  are  different,  how 
can  the  two  groups  provide  services  that  are  useful  to  their 
constituents? 

Danielson  says  organizations  need  to  foster  a  closer  understand¬ 
ing  of  the  focus  and  challenges  of  both  teams.  What’s  more,  he  recom¬ 
mends  testing  the  application  before  unleashing  it  to  end  users.  This 
process  helps  the  network  specialists  ensure  there’s  enough  bandwidth 
for  the  software,  and  helps  developers  identify  and  fix  weak  spots  in  the 
software  that  could  create  problems  on  the  live  network. 

Gap,  for  example,  uses  Opnet’s  IT  Guru  and  Application  Characterization 
Environment  (ACE)  network  modeling  tools  to  test  new  software  before  it’s  rolled  into  pro¬ 
duction,  says  Jerry  White,  senior  network  engineer  at  Gap  in  San  Francisco.  IT  Guru  mod¬ 
els  the  network,  including  routers, switches,  protocols, servers  and  individual  applications, 
while  ACE  provides  detailed  analysis  of  application  packet  traces  and  quick  diagnosis  of 
problems. 

IT  Guru  is  used  as  part  of  Gap’s  Network  Application  Deployability  Assessment  pro¬ 
gram  for  testing  software  on  a  model  network  before  deployment.  Software  managers 
and  the  network  staff  who  will  conduct  the  tests  meet  and  discuss  the  application’s 


Jerry  White,  senior  network 
engineer  for  Gap,  eyes  network 
modeling  tools  to  show  users 
that  big  bandwidth  doesn't 
always  make  apps  run  better. 


demographic,  the  number  of  users  and  their  locations.“Once  that  has  been  determined 
we  talk  to  the  users  to  see  what  they  want  to  get  out  of  the  study  —  is  it  response-time 
estimates?  Mainly,  it  is ‘Will  network  ops  sign  off  on  our  application?”’ White  says. 

White  recalls  a  time  when  Opnet  showed  Gap  business  users  that  throwing  more  band¬ 
width  at  a  problem  might  not  always  be  the  right  answer. The  retailer  rolled  out  a  pilot  at 
19  branches  in  which  sales  associates  could  place  customer  orders  from  Gap’s  online 
store  using  the  browser  on  a  cash  register.  Because  the  response  time  after  a  mouse  click 
could  be  as  slow  as  45  seconds,  the  team  responsible  for  store  systems  wanted  to 
upgrade  the  56K  bit/sec  connection  between  the  store  and  the  site. 

A  quick  model  using  ACE  of  a  typical  transaction  using  128K  and 
256K  bit/sec  connection  speeds  found  that  the  faster  net¬ 
works  would  only  shave  5  seconds  off  the  current  time.  By 
using  the  model,  White  and  his  colleagues  identified 
that  the  delay  was  caused  by  large  transaction  sizes 
and  slow  processing  times  of  the  cash  register 
and  server  at  the  online  store.  The  company 
didn’t  change  the  setup  because  traffic  vol¬ 
umes  were  low  and  the  performance 
increase  wouldn’t  justify  the  cost. 

“Our  data  center  is  in  Rocklin, Calif., and 
we  have  users  in  Asia  and  Europe.  We 
can’t  throw  a  ton  of  bandwidth  at  prob¬ 
lems, ’’White  says.“The  ACE  reports  give 
users  choices  —  this  is  what  would 
happen  if  we  upgraded  the  band¬ 
width.  The  reports  help  them  set  their 
own  performance  expectations.  Could 
they  put  up  with  low  response  times,  or 
do  they  want  to  spend  the  money  and 
upgrade?” 

White  says  the  entire  testing  process 
—  from  first  meetings  to  the  issue  of  a 
report  —  takes  about  40  manhours,  much 
less  than  the  200  to  400  manhours  that 
Altaworks’  Danielson  says  some  companies 
spend  solving  brownouts.  Danielson  knows  of 
a  Midwest  insurance  firm  that  has  a  swat  team  of 
seven  types  of  IT  specialists  who  trace  performance 
problems  on  the  live  network  instead  of  testing  the  net¬ 
work  and  applications  at  the  pre-production  stage. 

But  sometimes  it’s  still  necessary  to  troubleshoot  during  pro¬ 
duction.  White  recounts  an  occasion  when  users  at  Gap  headquar¬ 
ters  suffered  intermittent  delays  when  accessing  an  application  service 
provider  (ASP)-hosted  CRM  application.The  users  connected  to  the  ASP? 
data  center  after  passing  through  a  proxy  server  at  Gap’s  data  center. 

“We  used  IT  Guru  to  capture  the  application  stream,  and  we  found  some 
interesting  things.  The  application  was  a  giant  Java  script,  and  the  pro¬ 
cessing  power  of  the  clients  was  slow, "White  says.“Users  wanted  to  blame 
the  proxy  server  but  once  we  ran  tests  we  found  that  it  was  not  inducing  delays.” 

Gap  fixed  the  problem  by  upgrading  the  slower  client  machines  to  2GHz, setting  user-.’ 
browsers  to  use  HTTP  Version  1.1  and  adding  bandwidth. 

He  says  the  testing  tool  has  been  helpful  in  preventing  the  finger-pointing  betwe 
users,  applications  development  staff  and  the  network  operations  specialists.  Bui  f 
thinks  it  would  be  even  better  if  network  professionals  had  more  application  kr.ov. 
edge.’Jf  1  knew  what  the  application  was  doing,!  could  make  recommendations, i, : > 
than  just  give  them  raw  data.  We  could  then  be  far  more  effective,”  he  says.  ■ 
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Ybi/r  One-Stop  Shop  for  high  availability  solutions 

BuyUptime.com  is  a  leading  supplier  in  end-to-end  UPS  power, 
thermal  cooling,  and  management  solutions.  Shop  us  online  to 
find  the  right  networking  solutions  for  your  application  needs. 


UPS 

Power  Distribution 

Rack  Systems 

Mobile  Computing 

Surge  Protection  and 
Power  Conditioning 

/Cooling  Solutions  ) - 

Broadband  Power 
Systems 

Connectivity  Solutions 
Battery  Systems 
Services 

InfraStruXure  System 

Management 

Hardware  Security  . 
Devices 


Order  via  our 
promo  page 
and  save! 


Portable  Air  Conditioning  Solutions  for  Network  Applications l 


NetworkAIR ™  1000 


AP7003 

Sale  Price 

$  799.49 


The  NetworkAIR1”  1000  is  a 
portable  and  compact  air  condi¬ 
tioner,  perfect  for  spot  cooling 

small  server  closets,  conference 

rooms  or  home  offices. 

Features: 

•  Provides  1.6kW  cooling 

•  Features  electronic  control 
panel  with  LCD  display 

•  Automatic  turn-on/ 
shut-off  timer 

•  Oscillating  automatic  swing 
louvers  for  even  air  distribution 
in  the  room 


Save! 

15% 


A  compact,  self-contained  air 
conditioner  for  localized  cooling 
of  application  hot  spots.  The 
NetworkAIR™  PA  4000  is  a  great 
choice  for  cooling  small  to  medium¬ 
sized  wiring  closets  and  computer 
rooms. 

Features: 

•  Provides  up  to  4kW  of  cooling 

•  Dual-ducted  condensing  provides 
more  efficient  cooling 

•  LCD  display  for  local  manage¬ 
ment  and  scheduling 

•  Automatic  restart  feature  returns 
the  unit  to  its  last  operating  status 
in  the  event  of  a  power  failure 


NetworkAIR ™  PA4000 


ACPA4000 
Sale  Price  Save1 

$2999.49  15% 


Visit  http://promo.buyuptime.com 

and  enter  key  code  q797y 


Or  Call  Toll  Free: 

888-288-8843  to  order. 

Fax:(877)411-2080  •  e-mail \  sales@buyuptime.com 
801  Corporate  Centre  Drive,  St.  Charles,  MO  63304  •  BY1A4EP-US 
©2004  Systems  Enhancement  Corp.  All  Trademarks  are  the 
property  of  their  owners. 
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Who  s  Protecting 
Your  Network? 


GTA  Firewall  Products 

Tough  Network  Security 


✓  Building  Firewalls  for  over  1 0  years 

✓  ICSA  4.0  Corporate  Certification 

✓  5  appliances  to  match  your  network  needs 

✓  Easy,  Flexible  Implementation  Options 

✓  IPSecVPN 

✓  Affordable  pricing 


Global 
Technology 
Associates,  Inc. 


1-800-775-4GTA  •  www.gta.com  •  lnfo@gta.com 
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Fingerprint  Authentication  Scanner 

AlterPath™Bio 


Enterprise  KVM  Solutions 

AlterPath™KVM 


l«s;:i  - 


Advonced  Console  Servers 

AlterPath™ACS 


Network  Management  Gateway 

AlterPath™  Manager 


Intelligent  Power  Distribution  Units 

AfterPath,uPM 


Cyclades’  data  center  management  solutions  offer  a  full  range 


of  security  features  across  its  entire  product  line  of  console  servers, 
power  management,  KVM,  biometric  scanner  and  network  management. 
With  SSH  v2,  IP  Filtering,  strong  authentication,  event  logging  and 
data  logging,  Cyclades  can  make  your  network  into  a  secure 
heavyweight  contender  in  the  data  center  world. 

LINUX 


INSIDE 


For  a  FREE  white  paper  on  data  center  security,  please  visit  us  at  www.cyclades.com/securitywp 


-  iff*. 


www.cyclades.com/nw  Cy C 1 3Cl t 

.  1.S88.cyclades.1.888.292.5233  .sales@cyclades.com  Everywhere  With  LthUX 

©2004  Cyclades  Corporation.  All  rights  reserved.  All  other  trademarks  ond  product  images  are  property  of  their  respective  owners.  Product  information  subject  to  change  with  r 
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custom  Management  Levels 

OBSERVER 

•  Decode  over  500  protocols 

•  Long-term  network  trending  &  analysis 

•  Real-time  statistics 

EXPERT  OBSERVER 

»  What-lf  Modeling  Analysis 
•  •  Expert  Analysis 

•  Connection  Dynamics 

OBSERVER  SUITE 

•  Complete  SNMP  device  management 

•  Supports  full  RMON1 ,  RMON2,  HCRMON 

•  Web  Publishing  Reports 


1 1  HAPPEN. 


Remote  &  Hardware  Options 

REMOTE  NETWORKING  PROBES 

•  Fully  distributed 

•  Monitor  up  to  64  NICs  simultaneously 

•  New  levels  of  problem  solving  collaboration 

GIGABIT  &  WAN  HARDWARE  OPTIONS 

•  Portable  analyzer  systems 

•  Rack-mount  Probes  ready  to  go 

•  Direct,  passive  link  for  independent  views 


US  &  Canada  Toil  free:  (800)  526-5958  •  Fax:  (952)  932-9545  •  UK  &  Europe:  +44  (0)  1959  569880 

£  One  Network  /^/Complete  Control  Wired  to  Wireless  •  LAN  to  WAN 

” 


NETWORK 

INSTRUMENTS 


OBSERVER 


OBSERVER 


" 

OBSERVER 


Test-drive  the  new  Observer  9  today  and  see  how  it  immediately 
finds  problems  you  didn’t  know  you  had,  optimizes  network  traffic 
and  provides  insight  for  future  planning.  Call  800-526-5958  for 
a  full  featured  evaluation  or  visit  our  website  at 

www.networkinstruments.com/nine 


Introducing  Observer  9 

•  New  Application  Analysis 

•  Remote  probes  now  provide  multi-interface  and 
multi-session  support 

•  Industry-first  4GB  packet  capture  buffer 

•  Wireless  Site  Survey  Modes 

•  Nanosecond  resolution 

•  Now  over  450  Expert  Events 

•  SNMP,  RMON  and  now  HCRMON  support 


mm 

www.networkinstruments.com/nine 

©  2004  Network  Instruments,  LLC.  All  rights  reserved.  Observer,  Network  instruments  and  the 
Network  Instruments  logo  are  registered  trademarks  of  Network  Instruments,  LLC. 


Remote  Reboot  Over  Telnet! 


Reboot  your  Network  Equipment  via  Telnet,  Dial-Up  and  Local  Console 


Network  equipment  sometimes  "iocks-up”  requiring  a 
service  call  just  to  flip  the  power  switch  to  perform  a 
simple  reboot.  The  NPS  Network  Power  Switch  gives 
network  administrators  the  ability  to  perform  this 
function  from  anywhere  on  the  LAN/WAN,  or  if  the 
network  is  down,  to  simply  dial-in  from  a  standard 
external  modem  for  out-of-band  power  control. 


Individually 
Programmable 
Outlet  Plugs  (8) 


By  Mark  Gibbs 
Network  World 
2/18/02 


lOBase-T  Ethernet 
Interface 


Out-of-Band 

Management 


RS232 
onsole  Port 


fi  Eight  (3)  Individual  Outlets 
K§  Dual  15-Amp  Circuits 
H  Integrated  10-BaseT  Interface 

■  RS-232  Modem  and  Console  Ports 
m  Outlet-Specific  Password  Security 
m  Network  Security  Features 

■  Power-up  Sequencing 
B  Co-Location  Features 

■  Modem  Auto-Setup  Command  Strings 


Dual  15  Amp 
Power  Circuits 


1 9”  Rack  Brackets 
Allow  Front,  Back,  or 
Center  Mounting 


western  telematic  incorporated 

5  Sterling  ♦  Irvine  •  California  926  1  8-25  1  7 


www.wti.com 


(800)  854-7226 


Celebrating  our  40th 
Year  in  DataCom 


“ Keeping  the  Net.. .  Working!  ” 
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In  order  to  manage  the  equipment  in  all  38  regional 
offices,  Fred  bought  27,000  miles  of  serial  cable. 
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Next  time  he  should  install 
a  Lantronix  Console  Server.... 

Poor  Fred.  Apparently  he  doesn’t 
realize  that  a  Lantronix  Console 
Server  would  make  his  life  a  whole  lot  easier.  It  doesn't  matter  if 
you  have  devices  down  the  hall  or  in  the  Helsinki  Regional  Office, 
a  Lantronix  Console  Server  provides  secure,  remote  access-even 
when  the  company  network  goes  down.  Servers,  routers, 
switches-you  name  it-all  can  be  safely  monitored  and  managed 
anytime,  from  anywhere  in  the  world.  Not  only  will  you  minimize 
downtime,  but  you'll  no  longer  have  to  jet  a  technician  across  the 
continent  on  one  of  those  "no  fault  found”  boondoggles.  And  you'll 
save  a  bundle  on  serial  cable  besides. 

To  find  out  more  about  how  a  Lantronix  Console  Server  could  have 
simplified  Fred's  life,  visit  www.NoFredNo.com/nw1. 


LANTRONIX 

1 5353  Barranca  Parkway.  Irvine,  CA  9261 8.  USA 

©2004  Lantronix.  Inc.  Lantronix  is  a  registered  trademark  of  Lantronix,  Inc. 
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How  Do  You 
Secu  ely  Reboot 

via  IP? 


Sentry  Gives  You  Secure  Web/IP  Based  Remote  Site  Management 

"NEW!1’  Secure  Shell  (SSHv2)  Encryption 
"NEW!"  SSLv3  Secure  Web  Browser 
"NEW!"  Active  Directory  with  LDAP 
SNMP  MIB  &  Traps 
Integrated  Secure  Modem 
True  RMS  Power  Monitoring 
Outlet  Receptacle  Grouping  for  Dual-Power  Servers 
Fail-Safe  Transfer  Switch  for  Single-Power  Supply  Servers 
Power-up  Sequencing  Prevents  Power  In-rush  Overload 
Temperature  &  Humidity  Environmental  Monitoring 
Zero  U  &  Rack-mount  Models 
1 1 0/208  VAC  Models  with  30-Amp  Power  Distribution 
NEBS  Approved  -48  VDC  Models  Available 


Server  Technology 


Solutions  for  the  Data  Center  Equipment  Cabinet 


When  servers  and  network  devices 
in  the  data  center  lock-up,  network 
managers  need  fast,  secure  and 
reliable  tools  to  respond.  With 
Sentry™  Remote  Site  Managers, 
an  administrator  can  immediately 
reboot  a  remote  system  with  just 
a  few  mouse  clicks.  Sentry  also 
provides  accurate  input  current 
power  monitoring,  environmental 
monitoring  and  integrated  secure 
console  management  using  SSH. 


. 

Server  Technology,  Inc.  | 

Server  Technology,  Inc.  toll  free  +1.800.835.151$  |i 

1040  Sandhill  Drive  tel  +1.775.284.20$)  ft 

Reno,  NV  89521  fax  +1 .775.284.2065.^ 

USA  .  .  -4 

www.servertech.e0flv.y- 

'MB 

salesOservertech.cow'i! 


©Server  Technology  Inc.  Sentry  is  a  trademak  of  Server  TecBriologiv 
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.  A  single  or  multiple 

,  ^^fkstations'  tb  H«ive  local  or  remote  access  to 
^ini'i^fipte'compMters  located  in  server  rooms  or 
?  TQrt^he;T#e^ktop  regardless  of  their  platforms 
;  iridrppferatifig  systems.  KVM  switches  have 


IfaditipnaljvrproVided  tost  savings  in  reducing 
ejlijiprnenr  costs  while  freeing  up 


SERVERS  WITHIN  YOUR  REACH 
FROM  ANYWHERE 


Local  or  Remote  Server  Management  Solutions 


;'•  .Recognized  as  the,;pioneer  of  KVM  switch 
Ai^tedfrriatogy,  Rose  Electronics  offers  the 
'  •  W  Ihdtifitry's'Fpost  comprehensive  range  of 
. .  "jfcrvpr  management  products  such  as  KVM 
Ji?  VSyKitches,  extenders  and  remote  access 
'.i  ^sdlofions:  Rose  Electronics  products  are 
^  Iknoiivn  for  their  quality,  scalability,  ease  of  use 

•inovahve  technology.  : 

■  -  : 

rtf  -  Rose  Electronics  is  privately  held  with  world- 
headquarters  in  Houston,  Texas  and  sells  its 
.  products  worldwide  through  a  large  network  of 
Resellers  and  Distributors.  Rose  has 
jA ^operations  in  the  United  Kingdom,  Spain, 
.Germany,  Benelux,  Singapore  and  Australia. 


IpF"  RackVIew™ 

KVM  RACK  DRAWER  WITH  KVM  SWITCH  OPTION 


Rose  Electronics 
10707  Starirliff  Road 
Houston,  Texas  77099 

ROSE  US  f  2 8 1  933  7673 

ROSE  EUROPE  t  44  (0)  1 264  850574 
ROSE  ASIA  +65  6324  2322 
ROSE  AUSTRALIA  +617  3388  1540 
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UltraMatrix  Remote 

REMOTE  MULTIPLE  USER 
KVM  MATRIX  SWITCH 
ACCESS  OVER  IP  OR  LOCALLY 


Connects  1,000  computers  to  multiple  user  stations 
over  IP  or  locally 

High  quality  video  up  to  1280  x  1024 
Scaling,  scrolling,  and  auto-size  features 
Secure  encrypted  operation  with  login  and  computer 
access  control 

Advanced  visual  interface  (AVI) 

No  need  to  power  down  servers  to  install 
Free  lifetime  upgrade  of  firmware 
Available  in  several  models 
Easy  to  expand 


UltraConsole 

PROFESSIONAL  SINGLE-USER 
KVM  SWITCH  SUPPORTS  UP 
TO  1000  COMPUTERS 


Connects  up  to  1000  computers  to  a  KVM  station 
Models  for  4,  8,16  computers 
Advanced  visual  interface  (AVI) 

Compatible  with  Windows,  Linux,  Solaris,  and  other  O/S 
Connects  to  PS/2,  Sun,  USB,  or  serial  devices 
Converts  RS232  serial  to  VGA  and  PS/2  keyboard 
Free  lifetime  upgrade  of  firmware 
Security  features  prevent  unauthorized  access 
Full  emulation  of  keyboard  and  mouse  functions  for  automatic, 
simultaneous  booting 
Easy  to  expand 


800  333  9343 

WWW.ROSE.COM 


^ELECTRONICS 


Take  control  of  your  network,  systems  and  application 
infrastructure  before  it  controls  you.  OpManager  provides 
integrated  management  for  IT  infrastructure. 

Move  to  integrated  management.  Try  OpManager  today... 

Available  for  Linux,  Solaris  and  Windows 
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Stop  juggling  with) 
multiple  management  tools 


Keep  IT  simple 


ManageEngine" 

*1)0  OpManager 

Network,  Systems  and  Application  Management 


Production  Tracking  Over  Ethernet 

Eliminate  your  shop-floor 
PCs  with ... 

Ethernet  Terminals  from 
ComputerWise  connected  to 
your  in-house  LAN. 

Capture  production  data 
directly  into  files  on  your 
server. 

Features  C  Benefits 

•  Interactive  Telnet  Client 

•  TCP/IP  over  10/IOOBaseT  Ethernet 

•  Built-in  Barcode  Badge  Reader 

•  Optional  Mag-Stripe  &  RFID  Badge  Reader 

•  Auxiliary  RS-232  Serial  port 

•  Customizable  Data  Collection 
Program  Included 

•  Larger  keyboard  and 
display  sizes  available 

COVIII  Tl  J  {WISE. 

Call  1  800  255  3739  or  visit  www.computerwise.com 
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If  you’re  faced  with  managing  and  securing  more  and  more  users,  resources  and  services 
in  a  complex,  multi-platform  business  environment,  one  solution  will  ensure  you  don’t  end 
up  banging  your  head  against  the  wall. 


OpenNetwork’s  non-intrusive,  end-to-end  identity  management  software  platform 
leverages  your  existing  technology  infrastructure  and  extends  it  across  heterogeneous 
platforms  to  meet  evolving  business  requirements. 


Features  and  functionality  include: 

>  A  single,  unified  point  of  Web-based  administration 
(available  in  .NET  and  Java  versions) 

>  Single  Sign-On 

>  Self-service  password  management 

>  Delegated  administration 


>  Automated  workflow 

>  Robust  provisioning 

>  Detailed  auditing 


OpenNetwork  can  help  you  solve  immediate  business  problems  while  laying  a  foundation  that 
lets  you  add  functionality  on  an  as-needed  basis  to  meet  longer-term  goals,  such  as 
federation  and  Web  services  security.  It  eliminates  the  need  for  cumbersome  point  solutions, 
so  you'll  see  a  rapid  ROI  and  the  lowest  total  cost  of  ownership  in  the  industry. 


To  find  out  more  about  OpenNetwork  or  to  try  our  product,  visit  www.opennetwork.com/goto/nw 


OpenNetwork. 


North  America  Europe  Asia  Pacific 


Nail  it  with  OpenNetwork. 


SFNSAPHONE" 

IMS 


Sends 

SNMP 

Messages 


Monitors 

64 

IP  addresses 


Embedded 

Web 

Server 


Sends  Power  Internal 

E-Mail  Outage  UPS 

Alarming 


Power 

Control 

Interface 


Ethernet 

Port 


Internal  Voice, 
Modem 
&  Pager  Port 


8  RJ-45  Sensor  Inputs 

( Temperature ,  Humidity, 
Water,  Motion,  Power, 
Smoke/fire) 


Microphone 

tor  Sound 
Monitoring 


BE  NOTIFIED  BEFORE  CRITICAL  EVENTS  TURN  INTO  DISASTER! 


•  Eight  environment  inputs 

•  Power  sensing 

•  Monitors  64  IP  addresses 

•  Send  alerts  to  64  people 

•  8  methods  of  contact 

•  Calendar  scheduling 

•  Expands  to  256  sensors 

•  Remote  power  control 

•  Optional  camera 


The  Sensaphone  IMS-4000  Infrastructure 
Monitoring  System  monitors  critical  environ¬ 
mental  and  network  elements  in  your  server 
room,  data  center,  or  telecomm  installation  and 
reports  to  you  instantly  when  events  threaten 
your  infrastructure.  The  IMS-4000  keeps  watch 
so  you  don't  have  to.  See  these  features  and 
more  on  the  web  at  www.ims-4000.com 


Phonetics,  Inc. 
901  Tryens  Road 
Aston,  PA  19014 


In  today's  demanding  data  center  environment,  no 
one  knows  how  to  protect  and  organize  your 
valuable  IT  equipment  better  than  Rittal.  Our 
TS-server  cabinets  securely  accommodate  the  dense 
mounting  of  virtually  any  kind  of  server,  networks  or 
mass  storage  devices.  Maybe  that's  why  so  many 
leading  companies  around  the  world  count  on 
Rittal  for  their  network  infrastructure  needs. 


CHECK  OUT  THE 
TEAM  RITTAL  WEBSITE 
AND  REGISTER  TO  WIN! 

Use  priority  code:  NWW 


Grand  Prize: 

•  Complete  Home  Entertainment  ov 
Weekly  Drawings: 

•  Louisville  Slugger  Bats 

•  Team  Rittal  Baseball  Hats 


Tel:  877-3  2700 

Www.irns-4000.com 
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Overheated? 


Plug  In 

The  Simple 
Solution. 


MovinCool  spot  air  conditioners  are 

the  answer  to  your  overheating  problems. 

Just  roll  it  in.  Plug  it  in.  Turn  it  on. 

It’s  that  simple. 

►  Up  to  60,000  Btu/h  of  cooling 
power  right  where  and  when 
you  need  it 

►  Protects  against  data  loss  and 
equipment  failure 

►#1  in  portable  air  conditioning 
for  over  30  years 

►The  only  portable  air 
conditioner  ETL-verified 
for  performance 


MOVINCOOL 


THE  #1  PORTABLE  SPOT  COOLING  SOLUTION 
800-264-9573  or  visit  www.movincool.com 

©2004  DENSO  Sales  California,  Inc.  MovinCool,  SpotCool  and  Office  Pro  are  registered  trademarks  of  DENSO  Corporation. 


In  business  since  1989 
Specialists  in  Linux,  BSD,  X86  Solaris 
On-site  warranty,  next-business-day 
cross-ship  options  available. 


ASA  —  Custom  Servers  and  Storage 
www.asacomputers.com  •  866-382-5263 

2354  Calle  Del  Mundo,  Santa  Clara,  CA  95054 

For  details/inquiries/customization  email:  saies@asacomputers.com 


All  Systems  are  pre-loaded  with  any  Linux/BSD  version/distribution  of  your  choice.  On-site  warranty,  cross-ship  options  available. 


MINI  SUPER  for  Clusters 


1U  14”  Depth 

1  of  2  Intel*  Xeon™  processors  2.4  GHZ 
Serial,  VGA,  USB  2.0,  Mouse,  Keyboard 
All  ports  Front  Accessible 
1  x  10/100,  1  x  Gigabit  LAN 
512  MB  DDR  ECC  (Max  8  GB) 

Options:  CD,  Floppy 


$1249 


NO-FRILLS  STORAGE  SERVER 


$12,099 


8TB  SATA  storage  in  5U! 

Dual  Intel*  Xeon™ processors  2.4  GHz 
512  MB  DDR  ECC  Memory  (Max  8  GB) 

3  Raid  5  volumes  of  2TB  each 
Dual  Gigabit  LAN,  CD 

Options:  IDE,  SCSI  Drives,  Firewire,  DVD-RW, 
CDRW,  64-  bit  OS  configuration,  Additional  LAN, 
Floppy,  Fiber  Gigabit 


SM-6013P8+ 


Based  on  Supermicro  6013P8+ 

1  of  2  Intel"  Xeon™  processors  2.4  GHz 
512  MB  DDR  ECC  Memory  (Max  12  GB) 


Get  MORE  COMPUTERS  in  LESS  SPi 


We’ll  design  maximum 
flexibility  into  your 
available  space 


Well  give  you  a  3-D  plan 

at  NO  CHARGE! 


G.S.A.  GS29F269H  •  I.S.O.  9001  CERTIFIED 


YOU  CAN  RECEIVE  YOUR  ORDER  IN  5-7  BUSINESS  DAYS 


COMPUTER  SECURITY 


Custom  fire  “rooms”  and 
“vaults”  available 


Store  paper  documents  and 
computer  media  in  the  new 
mixed  media  safes  and  files 


Units  are  available  in 
various  sizes 


MIXED  MEDIA  FILE 


A  New  “Patent  Pending”  Rack  Design 

Assemble  Any  Size  Rack  Using  Only  3  STOCK  Parts 

Choose  any  width,  depth,  &  height  of  dual-tapped  E.I.A.  rack 
rail  from  one  of  43  sizes  in  1-3/4”  rack  unit  increments.  Ships 
knocked-down  in  3  small  cartons.  Build  all  kinds  of  neat  stuff ! 


4  RU 13"  Deep -$159.85 
43  RU  30"  Deep  -  $264.85 

Shop  Online 


www.starcase.com/rack.htm 
(800)822STAR  (7*27) 
(800)782-CASE(m 


CitciSmm 
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9%  BayNetworks 

COMPUTONE  ivkoa.iu.fi! 
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Telenet  ic 


RACAL 


CMMMnuiMf  through  trfhnology 


If  it’s  on  the  N  WORLDWIDE  PROVIDER 
network,-  -  •  OF  NETWORK 

vie’vegotjtl  HARDWARE 

t  K  SINCE  1981! 

•  Network  Hardware - 


•  babies 


•  Memory 


THE  SAUK  GROUP  *  1-800-668-9319  Ext.  201  •  www.salixgroup.com 
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•  Accessories  -[jg 

sales® wrca.net  -  (800)699-9722x102 


FIBER  OPTIC  SOLUTIONS 


Tl/El  &  T3/E3  Modems 
RS-232/422/485  Modems  and 
Multiplexers 

IBM  3270  Coax,  AS400  Twinax,  and 
RS6000  Modems  and  Multiplexers 
LAN  -  Arcnet/Ethernet/Token  Ring 
Video/Audio/Hubs/Repeaters 
I S  0  -  9  0  0 1 


5.1. TECH 

Toll  Free  866  SITeth  1 
630-761-3640,  Fax  630-761-3644 
www.sileth-bitdriver.com  or  www.sitechfiber.com 
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Advertising  Supplement 

IT  Careers:  The  Job  Picture 


This  is  the  first  of  two  articles  that  IT 
Careers  will  publish  in  cooperation  with 
the  Information  Technology  Association  of 
America  (ITAA)  studies  on  2004  job  outlook  and 
specifically  the  software  development  job 
category. 

While  the  information  technology  industry  sector 
plunged  from  2000  to  2003,  international  events  created 
an  increasing  awareness  that  software  development  and 
technology  infrastructure  are  critical  to  the  nation's  security 
and  global  economic  leadership.  That  was  the  focus  of  the 
recent  National  Software  Summit,  where  participants 
tackled  infrastructure  trustworthiness  and  adequacy  of 
current  software  research  and  development,  but  also 
maintaining  the  world's  leading  software  workforce. 

Harris  Miller,  president  of  ITAA,  worked  with  a  team  of 
leaders  from  IBM,  Northrop  Grumman  and  Microsoft  as 
well  as  academia,  to  address  the  workforce  issue  and 
present  findings  at  the  summit.  Key  among  the  findings  of 
the  team  were: 

•  After  a  three-year  slump,  technology  hiring  is  going 
up. 

•  IT  workers  need  to  be  able  to  navigate  across  the 
economic  range  of  opportunities,  not  just  in 
technology  companies. 

•  There's  a  need  to  prioritize  the  most  important  and 
credible  certifications  for  hiring  clarity. 

•  Creativity  and  imagination  -  the  ability  to  "think 
outside  the  box"  are  in  high  demand. 


One  of  the  most  difficult  skills  to  speak  about  in  job 
interviews  is  the  "think  outside  the  box"  ability.  Miller  says 
the  best  way  to  do  this  is  for  job  candidates  to  explain  to 
hiring  managers  an  actual  experience  where  they  looked 
beyond  the  visible  problem  or  challenge  to  create 
something  much  more  valuable.  "For  instance,  if  you  were 
asked  to  perform  a  maintenance  update  but  along  the  way 
found  that  there  was  a  better  approach  to  integrate 
databases  that  had  been  stovepiped  -  that's  an  example  of 
this  thinking.  It's  what  will  differentiate  you  from  the  other 
500  people  who  have  applied  for  the  same  job." 

The  team  did  note  that  there  is  more  focus  on  IT 
professionals  having  more  than  one  major  area  of  study  to 
complement  technical  skills.  "Everyone  is  talking  about  it," 
Miller  says,"  but  it  is  not  yet  a  dominant  trend.  Most 
companies,  when  running  an  ad  to  hire  someone,  run  the 
same  kind  of  ad  listing  technical  skills.  Companies  on  the 
cutting  edge  are  trying  to  break  into  new  areas  of  business 
and  they're  listing  a  broader  set  of  capabilities  required.” 

For  more  information  about  IT  Careers 

advertising,  please  contact:  Nancy  Percival 

Vice  President,  Recruitment  Advertising 

800.762.2977 

500  Old  Connecticut  Path 

Framingham,  MA  01701 

Produced  by  Carole  R.  Hedden 


Over  the  next  three  to  five  years,  demand  will  be 
highest  for  information  security,  network 
design/administration,  programming/software  engineering 
job  categories. 

"Hiring  managers  will  view  a  straight  technology 
worker  as  not  being  as  valuable  as  one  who  understands 
the  business  model  and 


how  a' 

f 

specific  industry’1 
'works,"  says  Miller.. 

"It's  not  about, 
knowing  every  jot  orj 
jiggle  but  about  the  ability  to  interact^ 
internally  and  with  customers  and 
[suppliers,  to  know  how 
Ithe  industry  is  regulated. j 
In  the  past,  these  skills  were  required  only  at  the  top  end  of 
the  (IT)  profession."  ITAA's  Global  Outsourcing  study  found 
that  the  technical-only  skills  are  most  easily  outsourced;  the 
complexity  of  applying  technology  to  create  new  business 
growth  and  opportunity  is  more  valued  and  less  likely 
to  be  outsourced. 


itcareers.com  can  solve  the 
labyrinth  of  job  hunting 
by  matching  the  right 
IT  skills  with  the 
right  IT  position. 

Find  out  more  at: 

www.itcareers.com 


SOFTWARE  DEVELOPERS. 
Develop  standard  features, 
interfaces  and  complex  modules 
for  existing  or  new  software 
products  to  provide  major  fea¬ 
ture  implementation  to  client 
base  of  standard  customers. 
Actively  participate  in  innovative 
new  designs,  technologies, 
research  projects  and  their 
implementations.  Learn  new 
proprietary  technologies  and 
development  tools,  developed 
in-house,  as  well  as  adapt  to 
non-SQL  type  databases. 
Effectively  convey  expert 
research  findings  on  complex 
technologies  to  a  wide  audi¬ 
ence.  In  order  to  emphasize 
quality,  provide  clear  and  com¬ 
plete  models  and  documenta¬ 
tion.  Develop  utilities  to  assist  in 
the  quality  control  of  the  features 
developed  (multiple  openings). 
Requires  7  yrs  of  experience,  or 
B.S.  in  Computer  Science  or 
related  field  and  5  yrs  experi¬ 
ence.  in  job  offered  or  software 
development.  Experience  must 
include  5  yrs  programming  in 
Delphi.  Experience  must  also 
include:  2  yrs  working  with  SQL 
databases  (Sybase,  Microsoft 
SQL  Server,  Oracle):  developing 
client/server  applications  -  both 
2  tier  and  3  tier;  development  of 
middleware  technologies 
(MIDAS,  COM,  CORBA,  CGI, 
ISAPI);  and  development  in  a 
Web  environment  (Active  Server 
Pages,  JavaScript).  Must  have 
proof  of  legal  authority  to  work  in 
the  United  States.  Send  resume 
with  SSN  to  Andrea  Weston, 
Ontario  Systems,  1150  West 
Kilgore  Avenue.  Muncie,  IN 
47305. 


MAINFRAME  ANALYST/PRO¬ 
GRAMMER:  Writes,  updates, 
maintains  programs  written  in 
COBOL/CICS  for  mainframe 
and  financial  services  clients. 
Creates/maintains  IDMS/R  data¬ 
bases.  Reviews  work  flow  charts 
development  by  system  ana¬ 
lyst/programmers  to  under¬ 
stand/advise  on  the  computer 
tasks  to  perform.  Creates 
description  for  programmers/ 
systems  analysts  to  understand 
how  program  should  access 
data.  Writes  physical  database 
description  to  protect  it  from 
unauthorized  access  and  tam¬ 
pering.  Provides  technical  sup¬ 
port  and  guidance  for  COBOL 
systems.  Coordinates  changes 
in  computer  databases.  Reviews 
changes  in  physical  design  of 
databases  to  assess  effect  on 
physical  databases.  Establishes 
computer  access  level  for  each 
segment  of  database.  Specifies 
user  access  level  for  retrieval, 
modification,  deletion.  Conducts 
quality  control  testing  on  codes 
and  correcting  errors.  Enter 
codes  to  create  production  data¬ 
bases  and  utilities  programs  to 
monitor  performance  of  data¬ 
base.  Modifies  data  in  fine-tun¬ 
ing  database  operations. 
Generates  prototype  for  poten¬ 
tial  clients  to  visualize  applica¬ 
tions.  Job  is  in  Miami,  FL.  40  hrs. 
weekly,  9-5  pm.  $61,000/yr. 
Bachelor's  degree  or  equivalent, 
based  on  education  or  experi¬ 
ence  in  Computer  Science  or 
related  field  plus  2  years  experi¬ 
ence  in  job  offered.  Mail  resume 
to:  SMX  Services  &  Consulting, 
Inc.,  7220  NW.  36th  St.,  Suite 
#421,  Miami.  FL  33166.  Attn: 
Amneris  Hampton. 


SQL  &  Web  Engineer  wanted  to 
develop  &  architect  solutions  for 
internal  customers  using  compa¬ 
ny  structured  methodology.  3- 
tier  architecture  &  one  of  the  fol¬ 
lowing  technologies:  Lotus 
Script,  Lotus  formula  language, 
ASP,  COM+,  VB;  develop  clear, 
concise  &  professional  tech.  & 
user  documentation;  lead  &  per¬ 
form  the  Bus.  Analysis  phase  of 
projects  inch  Reqt.  Analysis, 
High  Level  Design,  Workflow 
Analysis  &  Design,  Info.  Flow 
Analysis  &  Design;  effectively 
estimate  solutions  design  & 
implementation  for  projects  us¬ 
ing  accurate  time  estimates; 
provide  tech,  support  to  client  & 
IT  mgmt.  to  ensure  develop,  of 
efficient  application  systems  uti¬ 
lizing  established  standards, 
procedures  &  SDLC  methods; 
act  as  a  point  of  contact  for  cus¬ 
tomer  engagements;  assist 
w/develop.  of  proposals;  inte¬ 
grate  disparate  systems  for  vari¬ 
ous  internal  depts.;  admin., 
maintain  &  upgrade  the  3rd  party 
'Perception'  Online  Training 
Server  &  all  other  3rd  party  solu¬ 
tions;  maintain  &  upgrade  web 
App.  templates  using  co.  tem¬ 
plates;  maintain  &  upgrade 
Microsoft  IIS  Web  Apps.  &  Lotus 
Workflow  Systems.  Must  have 
Bach.  deg.  in  Comp.  Sci.,  Eng., 
or  related  field  &  2  yrs.  exp. 
developing  data-driven  web 
apps.  on  MS  &  Lotus  platforms, 
including  exp.  w/ASP.  VB,  Lotus 
Script,  Lotus  Formula  Lan¬ 
guage,  &  Lotus  Notes/Domino 
Development.  40  hrs/wk.  Sal¬ 
ary  $70,000/yr.  Send  two  res¬ 
umes  to  Case  No.  200300027, 
Division  of  Career  Services, 
Labor  Certification  Unit,  19 
Staniford  Street,  1st  Floor, 
Boston,  MA  02114. 


Better  address?  Better  compensation?  Better  training?  Better  get  in  here! 

www.itcareers.com 

Now  powered  by  CareerJournal.com 


DATABASE  ADMINISTRATOR 

Developing  &  maintaining  MFG/ 
PRO  modules  -  Inventory,  Sales/ 
Distribution,  Mfg.,  Accounts  Pay¬ 
ables,  Accounts  Receivables, 
General  Ledger.  Cost  Mgmt.  & 
Pricing.  Developing  reports  & 
maintenance  screens  based  on 
user  requirements.  Troubleshoo¬ 
ting  user  problems  in  the  soft¬ 
ware.  Developing/maintaining 
MFG/PRO  -  Point  of  Sale  (POS) 
interface.  PROGRESS  program¬ 
ming  &  analysis;  PROGRESS 
database  mgmt.  Legacy  system 
conversion  &  implementation  of 
MFG/PRO  at  acquisition  compa¬ 
nies.  Perform  system  administra¬ 
tion  tasks  for  HP-UNIX  servers, 
including  install,  manage  &  main¬ 
tain  test  &  production  database 
environments;  database  tuning; 
develop/administer  backup,  re¬ 
store.  disaster  recovery  proce¬ 
dures;  create  optimal  database 
configuration  to  service  business 
needs.  Manage  EMC  storage 
system  and  Symmetrix  software. 
ORACLE  PL/SQL  programming. 
Bachelor's  degree  in  Computer 
Science,  Engrg.  or  Bus.  Admin, 
plus  3  yrs.  experience  in  offered 
position  or  as  Database  Adminis¬ 
trator,  Technical  Consultant,  or 
Systems  Analyst/Programmer 
required.  Must  know  PROG¬ 
RESS  programming  language; 
PROGRESS  &  SQL  database 
mgmt.;  ORACLE  SQL  &  Micro¬ 
soft  SQL  software;  HP-UNIX  op¬ 
erating  system  (systems  admin¬ 
istration.  shell  scripting,  &  Awk/ 
Sed  language).  Expertise  re¬ 
quired  with  MFG/PRO  integrated 
systems  inventory,  sales/distribu¬ 
tion,  mfg  &  financial  modules  in 
design,  implementation  &  train¬ 
ing  of  users.  40  hr/wk.  OT  as 
required.  8am-  5pm.  $65,558/yr. 
Send  resume  to  Ginny  Burton 
#3883,  Dept,  for  Employment 
Services.  275  E.  Main  St.  2-WA, 
Frankfort,  KY  40621.  Only  per¬ 
sons  with  authorization  to  work 
permanently  in  the  U  S.  need 
apply.  EQUAL  OPPORTUNITY 
EMPLOYER. 


PRODUCT  MANAGER, 
VECTOR 

ACS  State  and  Local  Solutions 
has  a  current  opening  in  its 
Rockville,  MD,  office  for  a  Senior 
Product  Manager.  VECTOR. 

This  individual  will  be  responsi¬ 
ble  for  managing  the  VECTOR 
product  line  and  services  includ¬ 
ing  developing  comprehensive 
product  roadmaps,  conducting 
vendor  analysis,  participating  in 
product  release  planning,  man¬ 
aging  product  development  and 
expansion  and  providing  busi¬ 
ness  development  support,  uti¬ 
lizing  technologies  including 
OpenVMS,  HP-UX,  Rdb.  Oracle 
DB,  Sun  Universal  Development 
Server  (UDS),  ClearCommerce 
payment  processing,  XML  and 
BEAS  Message  Queue.  Must 
manage  the  analysis  and  docu¬ 
mentation  of  VECTOR  product, 
including  business  requirements 
and  limitations  and  recommend 
solutions.  Will  determine  product 
scope  and  objectives.  Will  also 
manage  subordinate  managers 
and  professional  technical  staff. 
Expected  to  participate  in  trade 
shows,  review  Request  for 
Proposals  (RFP),  liaise  with 
external  vendors  and  develop 
presentations  of  proposals  to 
clients. 

This  position  requires  a 
Bachelor's  in  an  Engineering  or 
Computer  Science  discipline,  6 
years  of  combined  experience  in 
managing  software  develop¬ 
ment  teams,  product  definition 
and  architecture  and  leading  the 
planning  and  management  of 
software  products  Prior  expen- 
ence  must  include  at  least  6 
years  of  direct  experience  lead¬ 
ing  the  development  of  technical 
solutions  for  the  Electronic  Toli 
Collection  (ETC),  Call  Centers, 
and  Financial  Processing/ 
Settlement  industries. 

To  be  considered  for  this  posi¬ 
tion  please  go  to  www.acs- 
inc.com  .  Career  Opportunities, 
Current  Openings  Rockville 
MD,  and  click  on  Senior  Product 
Manager.  VECTOR,  SL-TSS- 
TCC  22089,  to  apply  on-line. 
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For  over  20  years,  Syntel  employees  across  North  America,  Europe,  and 
Asia  have  helped  build  advanced  information  technology  systems  for  lead¬ 
ing  Fortune  500  companies  and  government  organizations  to  improve  their 
efficiency  and  competitiveness.  Today,  Syntel  professionals  are  building 
rewarding  careers  by  providing  solutions  in  e-business,  CRM,  Web  Design 
and  Data  Warehousing. 

Come  discover  why  Forbes  magazine  placed  Syntel  second  on  its  list  of 
“The  200  Best  Small  Companies  in  America”  and  Business  Week  ranked 
us  #1 1  on  its  list  of  Hot  Growth  Companies. 

Due  to  our  rapid  growth,  we  have  immediate,  full-time  opportunities  for 
both  entry-level  and  experienced  Software  Engineers,  Consultants, 
Programmers,  Programmer/Analysts,  Project  Leaders,  Project  Managers, 
Supervisors,  Database  Administrators,  Computer  Personnel  Managers 
and  Computer  Operations/Account  Managers/ Account  Executives  with 
any  of  the  following  skills: 

Mainframe 

•  IMS  DB/DC  or  DB2,  MVS/ESA, 

COBOL,  CICS 

DBA 

•  ORACLE  or  SYBASE 


•  Focus,  IDMS  or  SAS 


•  DB2 


Client-Server/WEB 

•  Siebel 

•  Websphere 

•  Com/DCom 

•  Web  Architects 

•  Datawarehousing 

•  Informix,  C  or  UNIX 

•  Oracle  Developer  or  Designer  2000 

•  JAVA,  HTML,  Active  X 

•  Web  Commerce 

•  SAP/R3,  ABAP/4  or  FICO  or  MM 
&SD 


•  Oracle  Applications  &  Tools 

•  Lotus  Notes  Developer 

•  UNIX  System  Administrator 

•  UNIX,  C,  C++,  Visual  C++,  CORBA, 
OOD  or  OOPS 

•  Win  NT 

•  Sybase,  Access  or  SQL  server 

•  PeopleSoft 

•  Visual  Basic 

•  PowerBuilder 

•  IEF 


Account  Executives,  Account  Managers  and 
Business  Development/ Account  Specialist 

positions  available. 

Some  positions  require  a  Bachelor's  degree,  others  a  Master's  degree.  We  also 
accept  the  equivalent  of  the  degree  in  education  and  experience. 

With  Syntel  (NASDAQ:  SYND,  you'll  enjoy  excellent  compensation,  full  benefits, 
employee  stock  purchase  plan  and  more.  Please  forward  your  resume  and 
salary  requirements  to:  Syntel,  Inc.,  Attn:  Recruiting  Manager-LD05, 

525  E.  Big  Beaver,  Suite  300,  Troy,  Ml  48083.  Phone:  248-619-2800; 
Fax:  248-619-2888.  Equal  Opportunity  Employer. 

S^NirEL 

wmrav.syntelinc.com 


SAP  Senior  Consultant 

GlaxoSmithKline.  Research 
Triangle  Park,  NC.  Provide 
expert  second  line  support  using 
business  process  and 
Production  Planning,  Execution, 
and  New  Product  Introduction 
(”PP/  PP-PI")  application  knowl¬ 
edge  for  pharmaceutical  compa¬ 
ny.  Solve  complex  and  original 
problems  and  provide  expert 
technical  guidance  on  PP/PP-PI 
processes.  Carry  out  detailed 
impact  assessments  for  pro¬ 
posed  change  requests,  pro¬ 
pose  alternative  cost-effective 
solutions  where  appropriate  and 
lead,  evaluate,  develop,  test  and 
arrange  release  of  develop¬ 
ments  according  to  GSK  valida¬ 
tion  procedures.  Work  with  other 
functions  to  identify  opportuni¬ 
ties  for  process  improvement 
and  assist  in  the  implementation 
of  those  agreed.  Req.: 
Bachelor's  or  foreign  equivalent 
in  CS  or  Engineering.  3  years  of 
experience  in  job  offered  or  as 
SAP  Consultant.  Following 
experience,  which  may  have 
been  obtained  concurrently:  3 
years  of  experience  in 
Production  Planning,  in  specifi¬ 
cation  and  configuration  of  SAP 
(incl.  version  4.6)  and  in  SAP 
development  in  PP/PP-PI  areas; 
2  years  of  experience  in  the 
pharmaceutical  industry;  and  2 
years  of  experience  in  the  selec¬ 
tion,  configuration,  implementa¬ 
tion  and  maintenance  of  PP/PP- 
PI  systems. 

GSK  is  dedicated  to  an  innova¬ 
tive  workplace  and  supports  you 
with  career-long  opportunities  & 
learning.  We  offer  a  competitive 
benefits  and  compensation 
package.  For  confidential  con¬ 
sideration  please  forward  2 
copies  of  resume  to:  BHG  Box 
34980,  220  E.  42nd  St.,  14th  Fl„ 
NY,  NY  10017.  Indicating  ad 
code  "SAPSC”  is  essential. 
Principals  only,  no  agencies. 
GSK  is  proud  to  promote  an 
open  culture,  encouraging  peo¬ 
ple  to  be  themselves  and  giving 
their  ideas  a  chance  to  flourish. 
GSK  is  an  equal  opportunity 
employer. 


Programmer  Analyst/ 
Consumer  Website 
Developer 

Cablevision 

Our  leading  telecommunica¬ 
tions  and  entertainment  compa¬ 
ny  has  an  excellent  opportunity 
for  a  professional  to  develop  ap¬ 
plications  and  provide  technical 
assistance  to  support  consumer 
websites.  A  solid  understanding 
of  object  oriented  programming 
is  mandatory.  A  minimum  of  2 
years  experience  with  Java, 
J2EE,  along  with  familiarity  with 
ATG,  BEA,  IBM,  Tomcat  and 
JRUN  required.  ATG  consumer 
experience  strongly  preferred. 
Prior  background  in  XML  tech¬ 
nologies  including  XSL,  Soap 
and  Web  services  desired.  A 
thorough  understanding  of  rela¬ 
tional  database  structures  and 
concepts,  database  administra¬ 
tion,  SQL  and  Oracle  program¬ 
ming  along  with  application  de¬ 
velopment  required.  Experience 
developing  and  deploying  web 
applications  in  a  multi-tiered 
distribution  environment  highly 
desired. 

Position  also  requires  a  BS/BA 
degree  or  equivalent  work  ex¬ 
perience  including  technical 
training.  A  minimum  of  2  years 
systems  analysis  and  program¬ 
ming  experience  a  must.  Prov¬ 
en  hands-on  background  with 
ATG  Dynamo  Consumer  Com¬ 
merce  Suite  and  Dynamo  Appli¬ 
cation  server  is  preferred. 

Competitive  salary  and  excel¬ 
lent  benefits. 

Email  resume  w/salary 
history  and  job  code: 

#0524CW0003CAM 
to:  careers@cablevision.com 

EOE 


Sr.  Business  Intelligence/ 
Knowledgebase  Analyst  wanted 
to  mng.  &  oversee  corp.  knowl¬ 
edgebase  &  bus.  intel.  solutions; 
identify  &  prioritize  need  areas 
w/in  overall  organizational  archi¬ 
tecture  to  design  solutions  & 
provide  solution  guidance  from 
conception  to  completion;  ana¬ 
lyze,  design,  dev.,  test,  imple¬ 
ment  &  maintain  knowledgebase 
mngmt.  sys.,  knowl.  databases, 
bus.  intel.  apps..  &  data  ware¬ 
house  arch.;  analyze  &  consoli¬ 
date  corp.  knowledgebase  (incl. 
Finance,  Sales,  HR,  Cust.  Serv., 
Procurement,  Eng.  Services, 
etc.)  in  various  formats  for  data 
warehouse  arch.;  dev.  reporting 
&  analysis  tools  for  the  co.'s  bus. 
intel.,  incl.  global  sales  budget  & 
profit  contrib..,  sales  comp.,  pay¬ 
roll  time  tracking,  quality  control, 
procurement  &  supply  chain,  & 
corp.  oper.  expense  budget  & 
bus.  unit  income  contrib..  using 
Oracle  Enterprise  Resource 
Planning  Application  (ERP)  & 
underlying  database  design, 
PL/SQL,  Java,  Visual  Basic  & 
Unix  shell;  utilize  Oracle 
Electronic  Transfer  &  Loading 
Utility  &  Oracle  Warehouse 
Builder  (OWB)  to  consolidate 
corp.  sales  data  in  various  for¬ 
mats;  implement  automated 
report  distribution;  categorize 
Plasma  tech.  &  corp.  training 
data  into  digitized  formats  &  cre¬ 
ate  underlying  databases; 
design  &  implement  web-based, 
graphic  user  interfaces  for  info, 
access  &  retrieval  using 
PL/SQL,  Java,  Java  Script,  JSP, 
HTML,  XML,  Oracle  Application 
Server  (OracleAS)  &  Oracle 
Portal  on  Windows  &  Unix  plat¬ 
forms;  design  &  develop 
Extranet  &  Internet  using  digital 
info.  mgmt.  Must  have  Master's 
deg.  in  Comp.  Sci.,  Info.  Mgmt. 
or  related  field  &  2  yrs.  of  exper. 
designing,  developing  &  main¬ 
taining  knowledgebase  mngmt. 
sys.  &  data  warehouse  apps. 
using  Web  interfacing  tools,  as 
well  as  exper.  using  ERP, 
OracleAS,  Oracle  Portal,  Oracle 
Database  7  to  9i,  OWB  &  Oracle 
Developer  &  exper.  program¬ 
ming  w/Java  Servlet,  JSP,  XML, 
&  Unix  Shell.  40/hr/wk. 
$68,000/yr.  Send  2  resumes  to 
Job  Order  #2004-367,  P.O.  Box 
989,  Concord,  NH  03302-0989. 


Sr.  Network  Consultant  sought 
by  software  consulting  company 
in  Denver,  CO  to  work  in 
Cupertino,  CA  and  other  unan¬ 
ticipated  job  sites  in  the  U.S.  to, 
at  a  senior  level,  be  responsible 
for  network  development,  instal¬ 
lation,  testing  and  administra¬ 
tion.  Analyze  user  requirements 
for  network  bandwidth  and  secu¬ 
rity  for  Local  and  Wide  area  net¬ 
works.  Develop  network  archi¬ 
tecture  for  Cisco  networks 
based  on  Ethernet,  Gigabit 
Ethernet,  ATM,  Packet  over 
SONET  (PoS)  and  Frame  Relay 
using  Cisco  routers.  Switches 
and  Firewalls  for  Local  and  Wide 
Area  Networks  (LAN  &  WAN). 
Develop  and  implement  routing 
protocols  such  as  Open 
Shortest  Path  First  (OSPF), 
Routing  Information  Protocol 
(RIP),  Enhanced  Interior 
Gateway  Protocol  (EIGRP)  and 
Border  Gateway  Protocol  (BGP) 
for  routing  Transmission  Control 
Protocol  and  Internet  Protocol 
(TCP/IP)  in  large  LANs  and 
WANs.  Create  and  implement 
plans  for  network  security. 
Provide  training  and  support  and 
engage  in  project  management 
as  required.  Requires  master's 
or  equivalent  in  Electronics  and 
Communication  or  related  field; 
specifically  requires  master's 
degree  or  foreign  equivalent  or  a 
bachelor's  degree  or  foreign 
equivalent  plus  5  yrs.  exp.;  2  yrs 
network  administration  experi¬ 
ence;  working  knowledge  of 
Cisco  networks,  EIGRP,  OSPF 
and  frame  relay.  The  2  yrs  net¬ 
work  administration  experience 
may  be  concurrent  with  the  5  yrs 
required  for  the  master’s.  M-F; 
8am-5pm;  $75,000/yr  Respond 
by  resume  to  Employment 
Programs,  PO  Box  46547, 
Denver,  CO  80202  and  respond 
to  JON  CO5077643 


Chief  ODeratina  Officer.  Direct 

the  Management  of  German 
owned  subsidiary  company  spe¬ 
cializing  in  the  development, 
customization  and  implementa¬ 
tion  of  Customer  Relationship 
Management  ("CRM”)  systems; 
direct  corporate  operations, 
including  strategic  planning. 
CRM  systems  development  and 
implementation,  quality  control 
and  client  development  and 
relations;  and  serve  as  Chief 
Liaison  with  German  parent 
company  responsible  for  prepar¬ 
ing  reports  in  German  on  US 
corporate  and  financial  opera¬ 
tions,  strategic  planning  and 
profitability  for  German  execu¬ 
tives.  owners  and  Board  mem¬ 
bers.  Must  have  a  Master's 
degree  or  foreign  equivalent  in 
business  administration  with  a 
concentration  in  computer  sci¬ 
ence  or  a  related  field  and  six 
years  of  executive  or  manageri¬ 
al  level  experience  managing 
software  systems  development, 
or  a  Bachelor's  degree  and  eight 
years  of  experience  as  stated. 
Experience  must  include  at  least 
2  years  of  executive-level  expe¬ 
rience  directing  corporate  opera¬ 
tions  of  a  software  company  with 
annual  revenues  exceeding  $10 
million. 

Vice  President  of  Professional 

Services.  Direct  the  Manaae- 
ment  of  the  design,  develop¬ 
ment,  customization  and  imple¬ 
mentation  of  multi-million  dollar 
Customer  Relationship  Manage¬ 
ment  ("CRM")  systems  from  pre¬ 
sales  through  post  go-live  sup¬ 
port,  including  technical  systems 
specification,  project  planning, 
pricing  and  contract  negotiation 
and  client  relations;  manage 
CRM  Project  Managers, 

Engineers  and  other  technical 
support  staff,  providing  technical 
guidance  to  development  and 
implementation  teams  in  the  US 
and  Germany;  serve  as  Chief 
Technical  Liaison  to  German 
Parent  Company,  responsible 
for  co-development  of  systems 
solutions  and  training  of  US  staff 
on  systems  developed  in 
Germany.  Must  have  ten  years 
of  executive  or  managerial  level 
experience  managing  software 
systems  development.  If  inter¬ 
ested,  submit  resume  in  dupli¬ 
cate  to: 

Ms.  Cassandra  M.  Stewart 
Human  Resources  and 
Office  Manager 

CAS  Systems  of  America,  Inc. 

1100  Abernathy  Road 
Building  500,  Suite  750 
Atlanta,  Georgia  30328 

Software  Engineer 
InterContinental  Hotels  Group 
is  seeking -qualified  applicants 
for  positions  at  the  company's 
North  American  headquarters 
in  Atlanta.  Develop  real-time 
revenue  management  applica¬ 
tions  for  use  in  multi-platform 
environment.  Requires  rele¬ 
vant  degree  and  experience 
with  revenue  management 
systems  for  hospitality/tourism 
industry.  Apply  to  Francene 
Taylor,  Six  Continents  Hotels, 
Inc.,  Three  Ravinia  Drive, 
Suite  100,  Atlanta,  Georgia 
30346. 


Software  Engineer  to  perform 
sys  Ivl  prod  testing,  which  in¬ 
cludes  network  comm.  &  connec¬ 
tivity  tests;  equipment  initializa¬ 
tion  &  setup  tests;  sys,  integra¬ 
tion,  &  component  Ivl  functional 
tests;  user  Interface  testing; 
regression  tests;  &  version  com¬ 
patibility  tests;  perform  prod  de¬ 
sign,  sys  analysis  &  prog  activi¬ 
ties.  Bach  in  CS/EE/related  field 
+  4  yrs  exp  +  knowledge  of  SQA 
concepts  and  telecomm  stan¬ 
dards  (SS7,  TCAP.  ISUP.  IS41P, 
IS826  &  IS771)  +  exp  w/  scripting 
languages  (Bourne,  Shell,  C- 
Shell,  Perl,  C++)  req'd.  Forward 
2  resumes  to  Lightbridge,  Inc. 
320  Interlocken  Pkwy.  Broom¬ 
field.  CO  80021.  Attn:  Pat 
Jensen.  Job  #  1465.0051. 
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Siebel  Systems,  Inc.  has  an 
oprtnty  for  a  Technical  Instructor 
in  Atlanta,  GA.  Consltng  cross- 
fxnly  w/Delivery  Mgrs  to  gain 
knwldge  of  specific  custmr  & 
prtnr  education  prjct  rqrmnts, 
processes&procedures  as  they 
relate  to  proprietary  sftwr 
applctns  reqmg  implntn  &  traing. 
Providng  tech  consltn  &  educa¬ 
tion  on  the  prep  of  tech  traing 
delivery  methds.  Conductng  for¬ 
mal  grp  traing  on  proprietary 
tech  prdcts.  $64K/yr.  Req: 
BA/BS  or  equiv  +2.  Client/server 
applctn,  RDMS&cncpt,  data 
modelng  &  instructional  design, 
devlpmnt&dlvry  cncpts.  Please 
Ref  #  CW-2521  &  apply  online 
to  http://www.siebel.com/adresume 
or  forward  your  resume  to: 
Siebel  Systems,  Inc.  Attn: 
Corporate  Recruiting,  2207 
Bridgepointe  Parkway,  San 
Mateo,  CA  94404  EEOE 


Senior  Engineer  (Portland,  OR): 
Develop  &  implement  introspec¬ 
tive  &  self-adaptive  hardware  & 
software  sys.  Design,  imple¬ 
ment,  &  evaluate  new  program 
representations.  Consult  w / 
teams  &  clients  to  enhance  reli¬ 
ability,  scalability  &  performance 
of  advanced  computer  system. 
Supervise  project  team  &  engi¬ 
neers  to  devise  solutions.  Min. 
req's:  Ph.D.  in  Comp.  Sci.  or 
Elec.  Eng  Plus  1  yr.  specialized 
experience.  Send  resume  to 
Melanie  Peters,  Business  Man¬ 
ager,  Reservoir  Labs,  Inc.,  632 
Broadway,  Suite  803,  New  York, 
NY  10012. 


SA N  QA  Engineer  to  perform  s/w 
component/app  testing,  includ¬ 
ing  functional  testing,  installation 
testing,  integration  testing  at  the 
component  level,  stress/load 
testing  at  the  application  level, 
user  interface  testing,  patch  test¬ 
ing,  documentation  testing,  & 
performance  testing  at  the  com¬ 
ponent  level.  Must  have  Bach  in 
CS/EE/related  field  +  2  yrs  SQA 
exp  +  knowledge  of  SQA  con¬ 
cepts  +  test  automation  incl 
Winrunner  &  Test  Director  +  exp 
w/  scripting  languages,  w /  instal¬ 
lation  of  Oracle  DB,  and  w / 
telecomm  protocol.  Forward  2 
resumes  to  Lightbridge,  Inc,  320 
Interiocken  Pkwy,  Broomfield, 
CO  80021,  Attn:  Pat  Jensen. 
Job#  1465.0080. 
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SYSTEM  ADMINISTRTOR  to 
maintain  and  develop  Gentran 
Director  EDI  electronic  data 
inter-exchange  system  with  new 
and  existing  customers:  develop 
Barcodes  solutions;  support 
Macola,  SalesLogix,  e-synergy 
ERP  and  CRM  systems;  support 
Citrix,  Nfuse  and  terminal  server 
applications;  manage  Windows 
Mobile  Smartphone  and  Exch¬ 
ange  2003  integrated  Mess¬ 
aging  system;  maintain  Nortel 
phones,  PBX  and  other  voice 
communication  systems;  man¬ 
age  Windows  2003  Avtive 
Diretory,  SQL  Server  and 
Backup  Exec.  Require:  B.S.  in 
Computer  Science/Information 
Systems.  Competitive  salary 
offered.  Mail  resume  to:  Attn: 
Vice  President,  EA  International 
Ltd,  1050  Northbrook  Parkway, 
Suwanee,  GA  30024. 


Software  Engineers  needed 
in  Milwaukee,  Wl.  Seeking 
candidates  possessing  MS 
or  equiv.  and  rel.  work  exp. 
Duties  include:  Analyze, 
design,  develop,  implement 
and  test  software  applica¬ 
tions.  Exp  must  include  2 
years  working  with  RDBMS. 
Mail  resume,  ref  and  salary 
reqs  to:  Systems  People, 
Inc.,  1200  New  Rodgers 
Road,  #C7B,  Bristol,  PA 
19007. 


McData  Corp.  seeks  applicants 
for  the  position  of  Software 
Engineer  in  Sunnyvale,  CA  to 
design  and  develop  software  for 
data  center  storage  switches 
that  allow  connectivity  between 
hosts  and  storage  devices. 
Requires  bachelor's  in  computer 
science;  2  yrs  exp  working  as  a 
software  engineer  in  Fibre 
Channel  and  SAN  technologies; 
working  knowledge  of  Fibre 
Channel  protocol,  protocol 
ASICs,  operating  system  inter¬ 
nals  and  writing  device  drivers 
(for  LINUX  or  any  flavor  of 
UNIX).  Respond  by  resume  to 
Peter  Whittle,  McData  Corp-. 
380  Interiocken  Crescent, 
Broomfield,  CO  80021  and  refer 
to  JON4. 


ENG.  Jr.  Software  Engineer. 
Assist  in  writing  comp  pro¬ 
grams  that  translate  system 
codes/spec  of  CDR,  CDRW 
DVD+R,  +RW,  ROM  &  RAM 
Drives.  Generate  specifica¬ 
tions  for  user  appl.  Assist  in 
prototyping,  refining,  testing  & 
debugging.  Req:  Bachelor  s  in 
Comp  Sci/Comp  Eng.  40 
hrs/wk.  Job/interview  site. 
Anaheim,  CA.  Resume  to: 
Digital  Peripheral  Solutions, 
Inc.  @  PO  Box  27684, 
Anaheim,  CA  92809 


Programmer/Analyst,  Wash¬ 
ington,  DC.  Assist  Team  Leader 
in  EAI  project  architecture  elab¬ 
oration,  design  &  development 
designing  processes  based  on 
automatic  UML  models  transla¬ 
tion  &  code  generating.  Reqd. 
B.S.C.S  &  2  yrs  exp  including 
exp  in  J2EE,  XML,  Oracle,  MS 
SQL,  UML,  IBM  Web  Sphere, 
Code  generators.  M-F, 
40/hrs/wk.  Send  resume  to  S. 
Arsenyev,  EastBanc  Tech¬ 
nologies,  LLC,  Ref.  #99A1 ,3307 
M  Street,  N.W.,  Suite  200, 
Washington,  DC  20007, 


PROGRAMMER/ANALYST 

Plan,  devel.  test,  documnt  comp 
sftwr  using  XML,  JSP,  EJB, 
JDBC,  ASP,  VB6,  COM  objects, 
XSL.  Java  Servlets  Javascripts, 
DHTML,  Linux,  CSS,  WebLogic 
&  WebSphere  w/ORACLE  & 
SYBASE  db's  in  Win  &  Unix 
envir.  Bach  degr  &  2  yrs  exp 
reqd.  Send  resume  to: 

HR  Dept,,  Fulcrum  Logic,  Inc. 

Short  Hills  Plaza 
636  Morris  Turnpike,  Suite  2J 
Short  Hills,  New  Jersey  07078 


COMPUTERS  -  Software  En¬ 
gineers  needed.  Seeking  qual. 
candidates  possessing  MS  or 
equiv.  and/or  rel.  work  exp.  Part 
of  the  req.  rel.  exp.  must  include 
2  yrs.  working  with  MS  Visual 
Interdev  &  Visual  Basic.  Duties 
include:  Design  &  develop  call 
center/CRM  software  solutions; 
Plan  &  architect  multi-tiered 
native  &  web  applications;  Work 
with  Borland  Delphi,  MS  Visual 
Studio.NET,  Visual  Basic, 
ASP.NET,  MS  Visual  Interdev. 
Crystal  Reports  &  SQL  Server. 
Knowledge  of  'C'  desirable. 
Fwd.  resume  &  ref.  to: 
Sigmaworx,  Inc.,  Attn:  HR,  1515 
Kimberly  Rd.,  Davenport,  IA 
52807. 


LABORATORY  NETWORK 
ENGINEER  for  local  drug  and 
alcohol  testing  laboratory.  B.S. 
degree  in  Computer  Science/ 
Engineering  required.  Minimum 
2  years  experience  developing 
software  and  managing  I.T. 
infrastructure.  Experience  with 
SQL  Server  development  and 
administration,  Unisyn  Auto¬ 
mate.  and  SoftVelocity's  Clarion 
preferred.  Send  resumes  to: 

Midwest  Toxicology 
Services,  Inc. 

H.R.  Manager 
603  E  Washington  St„ 

Suite  200 

Indianapolis,  IN  46204 


R&D  Algorithm  Engineer 

To  design  and  implement  algo¬ 
rithms  for  machine  vision  in 
manufacturing  industries  and 
participate  in  all  stages  of  devel¬ 
opment  process  from  require¬ 
ments  capture  to  final  testing. 
Req,  a  Master  degree  in  Com¬ 
puter  Science,  Electrical  Engin¬ 
eering  or  related  field,  proficien¬ 
cy  in  Visual  C++,  Matlab  (Image 
Processing  toolbox,  etc.)  and 
working  knowledge  of  Pattern 
Recognition.  40  hrs/wk.  Send 
resume  and  cover  to  Emory 
Berry,  DVT  Corporation,  1855 
Satellite  Blvd,  #100,  Duluth,  GA 
30097. 


Systems  Analysts  (ERP  / 
Financials):  Analyze,  design  & 
administer  enterprise  apps. 
and  systems  including  finan¬ 
cials/transport  Admin  ./Mgmt. 
in  Lawson  Apps.  (Financials/ 
Admin.),  Oracle,  SQL  Server, 
Unix,  AS400,  COBOL,  VB. 
For  complete  job  description 
or  to  apply,  send  resume/con¬ 
tact  HR/IT-SA,  URSI,  10701 
Middlebelt  Road,  Romulus, 
Ml  48174.  No  phone  calls 
please.  Principals  only.  EOE. 


Systems  Engineers  needed. 
MS/BS  or  equiv.  or  rel.  work  exp. 
Part  req.  rel.  work  exp.  must 
incld  3  yrs  working  w/  Oracle, 
Weblogic,  &  XML  technologies. 
Duties  incld:  Design,  configure, 
program  &  implement  ERP  & 
web  based  systems:  Develop 
standardized  methods,  tech.  & 
protocols  for  data  comm.  (Incld 
data  mapping);  Provide  tech, 
expertise  for  customer  system 
integration  &  end-to-end  partner 
testing.  Work  w /  Unix,  Java, 
J2EE,  JDBC,  C+++  Oracle  8  (& 
above)  Weblogic,  Web-meth¬ 
ods,  EDI  &  XML.  Send  res.,  ref., 
&  sal.  req.  to  Attn:  HR  Elemica, 
Inc.,  1200  Liberty  Ridge  Rd., 
#120,  Wayne,  PA  19087. 


Engineer  (New  York,  NY):  De¬ 
velop/implement  introspective  & 
self-adaptive  hardware  &  soft¬ 
ware  sys.  Design,  implement  & 
evaluate  new  program  repre¬ 
sentations.  Consult  w/  engi¬ 
neers  &  clients  to  enhance  reli¬ 
ability,  scalability  &  perfor¬ 
mance.  Design  systems  &  tech¬ 
niques  to  map  applications  on 
architectures.  Must  have  M.S. 
in  Comp.  Sci.  or  Elec.  Eng.,  plus 
1  yr.  specific  experience.  Send 
resume  to  Melanie  Peters, 
Business  Manager,  Reservoir 
Labs,  Inc.,  632  Broadway,  Suite 
803,  New  York.  NY  10012. 


Dot  Hill  Systems  seeks  appli¬ 
cants  for  the  position  of  Principal 
Firmware  Engineer  in  Long¬ 
mont,  CO  to  engage  in  design 
and  development  of  software  for 
network-based  storage  technol¬ 
ogy  devices  with  embedded 
operating  systems  that  utilize 
SCSI  commands  and  protocols. 
Specify,  design,  develop  and 
analyze  Cache  and  RAID  (RAID 
level  5,  5+0,  1,  1+0)  software 
algorithms  and  Failover  and 
Failback  software  algorithms 
Position  requires  6  yrs  exp  per¬ 
forming  the  duties  and  using  the 
technologies  above.  Respond 
by  resume  to  Eileen  Jonikas, 
Dot  Hill  Systems,  7420  E.  Dry 
Creek  Parkway,  Longmont,  CO 
80503. 


Seeking  qualified  applicants  for 
the  following  positions  in  Orlando, 
FL:  Senior  Programmer  Analyst. 
Formulate/  define  functional 
requirements  and  documentation 
based  on  accepted  user  criteria. 
Requirements:  Bachelor's  degree 
or  equivalent"  in  computer  sci¬ 
ence,  engineering,  MIS  or  related 
field  plus  5  years  of  experience  in 
systems/applications  develop¬ 
ment.  Experience  with  C  and/or 
C++,  Java  and  UNIX  also 
required.  "Master’s  degree  in 
appropriate  field  will  offset  2 
years  of  general  experience. 
Submit  resumes  to  LaWanda 
Thompson,  FedEx  Corporate 
Services,  1900  Summit  Tower 
Blvd.,  Suite  1400,  Orlando,  FL 
32810.  EOE  M/F/D/V. 


Computer:  Programmer  An¬ 
alysts  needed.  Seeking  qual. 
candidates  possessing  BS  or 
equiv.  and/or  rel.  work  exp. 
Part  of  the  req.  rel.  work  exp. 
must  include  2  yrs  working 
w/  C++.  Duties  include:  De¬ 
velop  &  test  programs  and 
software  according  to  client 
projects;  Perform  regression, 
GUI  &  Functional  tests.  Work 
with  C++,  Oracle,  PL/SQL,  & 
Java.  Send  res.,  ref.  &  sal. 
req.  to:  Software  Galaxy 
Systems,  LLC.,  1703  Dahlia 
Cir.,  Dayton,  NJ  08810. 


Programmers  needed.  Seek¬ 
ing  cand  possessing  BS  or 
equiv  and  2  years  rel  work 
exp.  Our  company  will  accept 
1  year  of  post  baccalaureate 
experience  in  lieu  of  1  year  of 
required  years  of  experience. 
Duties  include:  Develop, 
modify  and  maintain  pro¬ 
grams  using  Microsoft  Visual 
Studio.NET,  C#,  Java,  SQL 
Server  and  other  advanced 
technologies.  Mail  resume, 
refs  and  salary  reqs  to:  Digital 
Designs,  1501  Charlotte 
Ave.,  Monroe,  NC  28110. 


Multiple  positions  available 
for  integrated  credit  card 
services  company.  Seeking 
Development  Mgr.  &  Sr. 
Team  Leader.  Positions 
require  M.S.  in  Comp  Sci. 
plus  1  yr  exp  or  alternative¬ 
ly  B.S.  plus  5  yrs  exp.  Must 
include  VC++,  MS-SQL, 
Stingray.  Send  resume  to 
Dynamic  Currency  Conv¬ 
ersion,  Inc.,  P.O.  Box  1047, 
Nyack,  NY  10960 


PROGRAMMER  ANALYSTS 
for  Chicago,  IL  office.  Design  & 
Develop  software  applications 
using  Oracle,  Sybase,  XML, 
Coolgen,  Interwoven,  Clear- 
Case,  ClearQuest,  Plumtree, 
ITS,  PVCS,  UNIX.  Bachelors 
or  Equivalent  req'd  in  Comput¬ 
ers,  Engineering,  Math  or  any 
related  field  of  study  +  2  yrs  of 
related  exp.  40  hrs/wk.  Must 
have  legal  authority  to  work 
permanently  in  the  U.S.  Con¬ 
tact  HR  Manager,  Regency 
Technologies,  Inc.,  3130  N 
Lake  Shore  Drive,  #  1200, 
Chicago,  IL  60645. 


Application  Developer  reqd  for 
s/ware  Co.  in  Boston,  MA. 
Duties:  SystemStudy,  dvlp, 
dsgn,  review,  rewrite,  test  & 
update  applic  for  web  based 
learning  &  implmt  s/ware  as  per 
spec  using  JDK,  JSP,  Servlets, 
EJB.  JDBC,  Swing,  Visio, 
Websphere  and  Weblogic. 
Knowledge  in  Adaptive  Learning 
Theories,  Instructional  Design, 
SCORM  2004,  IMSQTI,  XML/ 
IEEE,  AICC  Compliance  is  a 
must.  2  yrs  exp  as  prgmr  or  in 
field  &  Bach  reqd.  40  hrs/wk,  9a- 
5p.  Resumes  to:  IDL  Systems, 
Inc.,  60  Mass  Ave.  Boston,  MA 
02115. 


Programmer  Analysts: 

Design,  develop,  test,  maintain 
and  deploy  business  systems 
and  technology  solutions. 

Min.  Educ.  Bachelor's  degree  or 
equi.  Some  positions  require 
Master's  degree  or  equi.  Min 
Exp.  -  Adequate  industry  experi¬ 
ence.  Job  may  involve  working 
at  various  locations  throughout 
the  US. 

Please  send  resume  to: 
Selectiva  Systems,  Inc. 
3333  Warrenville  Rd,  Suite  200 
Lisle.  IL  60532. 
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Events  and  Executive  Forums 


Network  World  Events  and  Executive 
Forums  produces  educational  events 
and  executive  forums  worldwide, 
including  our  one  day  Technology  Tours, 
customized  on-site  training,  and  executive  forums  such  as  DEMO®. 
DEMOmobile®,  and  VORTEX,  as  well  as  the  DEMOIetter  and  VORTEX 
Digest  newsletters.  For  complete  information  on  our  current  seminar 
offerings,  call  us  at  800-643-4668  or  go  to  www.nwfusion.com/events. 


Publicize  your  press  coverage  in 
Network  World  by  ordering  reprints  of 
your  editorial  mentions.  Reprints 
make  great  marketing  materials  and 
are  available  in  quantities  of  500  and 
up.  To  order,  contact  Reprint 
Management  Services  at  (717)  399- 
1900  x129  or  E-mail:  mshober@reprintbuyer.com. 


Edison's  name  is  synonymous  with  innovation. 
In  Enterprise  Wireless  LANs,  it's  Airespace. 


Edison  is  known,  unquestionably,  as  one  of  history's  greatest 
innovators.  But  what  was  his  first  step  toward  greatness?  He 
gained  an  unparalleled  level  of  expertise  in  his  field.  The  rest  is 
history.  Airespace  takes  the  same  approach  with  their  Wireless 
LAN  systems.  Airespace  is  not  a  switch  company  that  "glued  on" 
an  RF  antenna.  We  came  from  the  RF  side  and  we  have  brought 
together  real  wireless  expertise  with  standards-based  product 
innovations  to  hit  the  air  running. 


The  Airespace  WLAN  system  easily  enables  seamless  and 
secure  wireless  services  under  load,  including  real-time 
applications  such  as  voice  and  video.  And  unlike  other  WLAN 
products,  it  provides  an  integrated  wireless  prevention  and 
protection  system.  Unique  from  "grounded"  point  appliances, 
Airespace  integrates  key  capabilities  such  as  monitoring, 
identity,  and  location  into  the  infrastructure  rather  than 
requiring  a  separate,  overlay  AP  network. 


Learn  more  about  taking  advantage  of  our  expertise  and 
innovation.  Visit  www.airespace.com/topten 
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&fs  wireless  deal  with  Sprint  raises  eyebrows 


9  8Y  DENISE  PAPPALARDO  consumer  and  business  offerings,  industry 

experts  are  questioning  whether  Sprint  gets 
While  latching  onto  Sprint’s  wireless  net-  enough  out  of  the  deal, 
work  might  plug  a  glaring  gap  in  AT&T’s  AT&T  will  offer  customers  mobile  ser¬ 


vices  that  will  be  bundled  with  its  existing 
local,  long-distance  voice  and  data  services 
over  Sprint's  wireless  network.  The  two 
companies  last  week  inked  a  five-year,  non¬ 


exclusive  contract.  Financial  details  were 
not  divulged. 

The  arrangement  will  let  AT&T  become  a 
mobile  virtual  network  operator  (MVNO), 
which  the  carrier  says  gives  it  more  opera¬ 
tional  control  than  simply  reselling  ser¬ 
vices.  AT&T  will  provide  customer  service, 
billing  and  landline  network  support.  All 
wireless  long-distance  voice  calls  will  be 
handed  off  to  AT&T’s  landline  network  with 
the  exception  of  any  call  destined  for  the 
Sprint  PCS  network. 

The  telecom  giant  has  not  offered  wire 
less  service  since  it  divested  AT&T  Wireless 
in  2001. 

But  one  analyst  wonders  if  Sprint  made  a 
mistake  in  embracing  a  competitor. 

“How  many  times  can  Sprint  [sell]  itself 
out  . . .  and  still  succeed?”  asks  Bob  Egan, 
president  of  consulting  firm  Mobile  Com- 
petencyAT&T  is  Sprint’s  biggest  competitor 
for  business  users,  and  it  just  handed  them 
the  keys  to  its  one  differentiator,  its  wireless 
network,  he  says. 

Egan  points  out  that  Qwest  and  Virgin 
Mobile  both  operate  their  wireless  busi¬ 
nesses  off  of  Sprint’s  network  as  MVNOs. 

But  if  not  Sprint  it  would  have  been 
another  provider  teaming  with  AT&T.  Re¬ 
cently  AT&T  has  been  reselling  AT&T  Wire¬ 
less  services  to  customers  in  Atlanta; 
Austin,  Texas;  Baltimore;  Indianapolis;  San 
Diego  and  Tampa,  Fla.,  but  only  on  a  trial 
basis.  An  AT&T  spokesman  says  the  carrier 
is  using  this  information  to  formulate  how 
it  will  introduce  wireless  services  to  its  base 
of  about  35  million  consumer  and  3  mil¬ 
lion  business  customers. 

But  before  the  carrier  starts  rolling  out 
new  product  offerings  it  is  waiting  out 
Cingular  Wireless’ $41  billion  acquisition  of 
AT&T  Wireless.  “There  are  market  restric¬ 
tions  and  other  considerations  that  . . .  pre¬ 
clude  [AT&T]  from*  competing  against 
AT&T  Wireless  with  an  AT&T-branded  offer? 
until  after  the  deal  closes  sometime  in  the 
fourth  quarter,  the  spokesman  says. 

The  AT&T  Wireless  brand  name  will 
become  exclusive  property  of  AT&T  six 
months  after  the  deal  closes,  although 
AT&T  says  it  is  premature  to  say  it  will  use 
that  brand. 

AT&T’s  wireless  service  rollout  will  hap¬ 
pen  “beyond  late  this  year?  a  spokesman 
says. 

AT&T  likely  chose  Sprint  because  it  has 
the  most  experience  in  handling  MVNO 
arrangements, says  Phil  Redman, an  analyst 
at  Gartner. 

“Sprint  allows  people  to  plug  into  their 
switches  ...  to  assess  traffic  and  calculate 
billing,”  Redman  says.  There  aren’t  many 
providers  that  allow  that,  he  says. 

AT&T  also  says  it’s  in  “active  discussions,” 
with  other  wireless  service  providers.  ■ 
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that. The  government  has 
anted  up  more  money  for  this 
|  and  we've  seen  the  lion’s  share 
v  of  that. 

What  projects  is  BBN  working  on 

I  that  might  interest  network 
executives? 

One  area  we’re  actively  work¬ 
ing  in  is  a  way  of  tracking  back  a 
packet  after  it  arrives  at  its  desti¬ 
nation  [formerly  referred  to  by 
the  suspicion-arousing  name  of 
Source  Path  Isolation  Engineer 
SPIE].We  look  at  which  routers 
the  packets  touched  to  figure  out 
where  they  came  into  your  net- 
work.This  could  be  for  big  com¬ 
panies  and  government  agencies 
that  own  their  own  networks.  It 
was  developed  originally  for 
DARPA,  and  we’re  pursuing  other 
government  applications  now 
The  key  is  being  able  to  con¬ 


dense  this  astronomical  flow  of 
data  through  routers  into  a  small 
enough  thing  that  you  can  actu¬ 
ally  fit  a  buffer  in  memory  of  the 
last  five  minutes  or  so.  It  uses 
very  clever  hash  coding. 

We  also  have  patents  in  the 
works  for  automated  ways  to 
determine  when  worms  or 
viruses  become  active  in  your 
network.They  operate  on  fairly 
general  principles  and  use  the 
same  hashing  technologies  that 
the  IP  traceback  does. 

What’s  your  take  on  network  secu¬ 
rity?  Are  things  going  to  get  much 
worse  before  they  get  better? 

There  are  clever  people  who 
like  to  poke  holes  in  things,  and 
one  of  the  things  that  makes  it 
easy  for  them  is  that  there  is  so 
much  of  one  platform.  It  is  al¬ 
most  irresistible  to  them  world¬ 
wide  to  go  and  mess  with  it. 
There’s  a  lot  of  religious  discus¬ 
sion  internally  about  whether 
one  operating  system  is  intrinsi¬ 
cally  more  secure  than  others, 
but  it’s  hard  to  separate  out 


whether  one  is  more  secure  or 
not  from  the  fact  that  one  is  just 
more  prevalent  and  thus 
attracts  more  attacks.  We’re 
great  believers  in  diversity  of 
computation.  We  use  very  gen¬ 
eral  protocols  and  stay  away 
from  single-vendor  solutions. 
People  here  have  Microsoft, 
BSD,  Mac  and  Linux  boxes,  and 
they  co-exist. That  gives  you 
much  greater  intrinsic  robust¬ 
ness  against  attack  than  if  you 
have  a  monoclonal  solution. 

BBN’s  contributions  to  packet 
switching  and  e-mail  are  well  known. 
What’s  next  for  BBN  and  the  ’Net? 

We  still  participate  in  the  IETF 
and  write  RFCs  fairly  regularly 
But  the  Internet  is  so  huge  now 
that  we  don’t  have  the  central 
position  that  we  used  to,  and  no 
one  ever  will  again.  We ’re  still 
pushing  technology  forward,  but 
it  tends  to  be  more  for  special 
things  like  wireless  and  security 
There’s  also  the  semantic  Web, 
which  is  not  the  Internet  per  se 
but  it’s  probably  the  next  wave 


of  major  applications  atop  the 
World  Wide  Web.  We’re  very 
active  in  that  and  have  written  a 
lot  of  what  have  become  key 
protocols  in  that  area.  In  the 
next  few  years  that  will  become 
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a  very  powerful  way  of  commu¬ 
nicating.  You  11  have  agents 
buzzing  around  doing  things 
instead  of  everything  being 
designed  for  humans  to  look  at, 
which  is  really  a  limiting  thing.  ■ 
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Just  say  no  (receipt) 

F 


or  those  of  us  who  do  business 
by  e-mail  —  which  is  most  of 
us  —  e-mail  is  an  addiction,  it 
has  a  drug-like  quality  that  keeps 
you  coming  back  for  more  —  one 
hit  a  day  is  never  enough. 

Every  now  and  then  I  swear  1  will 
just  check  my  mail  only  a  couple  of 
times  each  day. Then  1  switch  off  the  sound  1  use  to 
tell  me  new  messages  have  come  so  that  the  lure 
of  “incoming”  is  minimized. 

It  never  works.  In  next  to  no  time  my  compulsive 
checking  habit  cuts  in  and  I  am  back  to  looking  in 
my  in-box  three  or  four  times  per  day.ln  next  to  no 
time  I’m  switching  on  the  “you’ve  got  mail”  sound. 
Then  I’m  back  to  handling  my  messages  in  real 
time. 

This  mania  to  keep  up  with  e-mail  is  something 
most  of  us  geeky  types  have  in  common,  and 
along  with  this  compulsion  often  comes  the  over¬ 
whelming  desire  to  know  that  our  messages  really 
get  to  their  destinations.  Some  people  send  you  a 
message  only  to  chase  it  with  a  follow-up  message 
10  minutes  later  and  then  a  telephone  call  one 
hour  after  that  to  check  that  their  first  message 
arrived.  Ugh. 

And  then  there  are  the  people  who  select  that 
their  messages  should  have  “receipt  request”  and 


“read  request”  enabled. 

My  e-mail  client  is  set  up  to  always  ask  me  if  a 
receipt  should  be  returned  and,  on  principled 
always  deny  it. 

My  reasoning  is  thus:  If  you  request  a  receipt  and 
I  have  a  relationship  of  some  kind  with  you,  I  will 
honor  the  request  unless  I  deem  a  receipt  unnec¬ 
essary  (for  example,  you  sent  me  a  joke)  or  if  I’m 
feeling  grumpy  (not  unusual). 

But  if  I  don’t  have  a  relationship  with  you  then  it’s 
a  crap  shoot:  snake  eyes,  no  receipt  ever;  pair  of 
sixes,  a  receipt;  anything  else,  good  luck. 

What  if  your  message  doesn’t  get  to  me  because 
it  gets  trashed  en  route?  Well,  if  you  do  not  get  a 
notification  from  a  mail  server  that  handled  the 
transaction,  tough  luck:  It  is  not  my  responsibility 
to  make  the  Internet  reliable  for  your  use  —  unless 
you  are  willing  to  pay  me  to  do  so.  And  if  the  mes¬ 
sage  should  get  swallowed  by  an  anti-spam  filter, 
well,  that’s  just  life  —  try  resending  with  something 
less  spam-like. 

Now  this  desire  to  have  receipts  and  reads  con¬ 
firmed  has  gained  a  new  angle  with  a  system 
called  DidTheyReadlt,  which  you  can  find,  you 
guessed  it,  at  www.didtheyreadit.com.  In  effect  this 
system  equips  e-mail  so  that  you  can  find  out 
when  the  recipient  opened  the  message  (or  more 
accurately,  when  the  recipient  rendered  HTML  con¬ 


tent)  along  with  a  number  of  other  bits  of  data 
about  the  person,  their  browser  and  their  approxi¬ 
mate  location. 

But  my  question  is:  Do  you  really  need  this  level 
of  confirmation  or  amount  of  detail?  How  many 
messages  do  you  send  and  receive  that  are  really 
critical?  Face  it,  if  there  is  a  real  need  for  con¬ 
firmed  delivery,  you  would  be  crazy  not  to  use 
the  phone! 

Plus,  there’s  the  issue  of  privacy. 

Do  you  really  want  every  message  received  by 
you  to  provide  the  sender  with  any  greater  level 
of  knowledge  about  you  than  they  absolutely 
need  to  have? 

Nope,  the  amount  of  information  that  we  already 
give  away  —  much  of  it  unwittingly  —  is  usually 
far  more  than  is  a  good  idea.  Anything  that  increas¬ 
es  the  exposure  of  our  information  and  makes  e- 
mail  less  compelling  for  the  business  world  is  not 
a  good  idea.  So  when  that  read  receipt  request 
pops  up,  just  say  no.  As  for  DidTheyReadlt,  see 
Gearhead  next  week. 

Give  nothing  away  to  backspin@gibbs.com. 

(If  you’re  going  to  be  at  the  Inbox  Conference  in 
San  Jose  next  week  come  and  join  in  sessions  S7 
and  S8  on  June  2,  which  I  will  be  moderating .) 
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News,  insights,  opinions  and  oddities 


By  Paul  McNamara 


Pumped  up  about  Gasbuddy.com 

Paid  two  bucks  a  gallon  for  gas  the 
other  day  . . .  first  time.  And  while  I 

know  many  of  you  have  suffered  this  indignity  for  a  while,  the  experience  test¬ 
ed  my  stoicism  about  the  ebb  and  flow  of  prices  at  the  pump. 

It  also  made  all  the  more  satisfying  my  first  trip  to  www.gasbuddy.com,  a  site 
that  has  seen  traffic  skyrocket  from  30,000  to  a  half-million  daily  visitors  since 
January,  according  to  co-founder  JasonToewes. 

A  nonprofit  outfit  that  boasts  174  affiliated  Web  sites,  Gasbuddy  uses  a  ros¬ 
ter  of  110,000  volunteers  to  keep  motorists  abreast  of  the  best  gas  deals  avail¬ 
able  where  they  live,  no  matter  how  miserable  those  deals  may  be  these  days. 
The  spotters  report  price  information  about  the  stations  they  pass  in  their 
travels,  with  some  actually  going  out  of  their  way  to  gather  prices  much  as  bird 
watchers  seek  rarities. The  resultant  database  lets  visitors  see  at  a  glance 
which  stations  near  them  are  charging  the  least  and  most,  a  spread  that  can 
reach  20%  within  a  few  blocks,  according  to  Gasbuddy.  (A  similar  commercial 
site,  www.gaspricewatch.com,  does  much  the  same  thing.) 

The  gas-price  watchers  are  prime  examples  of  a  growing  Web  site  trend  that 
enlists  armies  of  like-minded  volunteers  to  collect  information  about  this  or 
that  and  present  the  results  online  for  amusement,  social  good  and  perhaps  a 
shot  at  business  profit. 

The  New  York  Times  recently  profiled  an  oddball  example  —  www.payphone- 
project.com  —  that  pairs  up  the  physical  locations  and  numbers  of  a  half-mil¬ 
lion  pay  phones,  information  the  telephone  companies  refuse  to  make  public 
and  the  public  apparently  finds  useful  in  ways  both  trivial  and  dramatic. 
Another  I  stumbled  across  last  week  —  the  National  Incident  Notification 
Network  —  enlists  owners  of  police  and  fire  scanners  to  scoop  the  press  by 
reporting  car  accidents,  plane  crashes  and  other  neighborhood  carnage  to 


www.ninn.org  the  moment  it  crackles  across  emergency  channels. 

The  gas  sites  are  clearly  more  practical,  of  course,  especially  given  the  cur¬ 
rent  run-up  in  prices. 

On  my  visit,  Gasbuddy  had  prices  for  several  of  the  stations  I  frequent.  One 
had  the  highest  prices  in  my  region,  while  the  other  had  the  second-lowest. 
Guess  which  one  is  more  likely  to  get  my  future  business? 

Utility  aside,  it  seems  to  me  that  volunteer-dependent  sites  of  this  nature  are 
ripe  for  producing  erroneous  data,  both  of  the  accidental  and  fraudulent  vari¬ 
eties.  However,  Toewes  insists  that  Gasbuddy  has  mechanisms  in  place  for 
flagging  both  and  doesn't  hesitate  to  ban  shady  operators  from  posting  prices. 

Yes,  I  understand  that  gas  prices  today  are  not  historically  high  when  adjusted 
for  inflation,  but  they're  plenty  high  enough  to  annoy.  So  why  pay  more  when 
another  station  down  the  street  is  charging  less  and  all  it  takes  to  find  the  bar¬ 
gain  is  a  mouse  click  or  two? 

Heck,  yes,  I'm  glad  to  be  back 

People  mean  well,  of  course,  but  the  question  —  "Are  you  glad  to  be 
back?”  —  started  to  strike  me  as  amusing  after  about  the  fourth  or  fifth 
instance. 

A  month  and  a  half  ago,  a  surgeon  cracked  open  my  chest  and  yanked  an 
egg-sized  tumor  off  my  heart.The  tumor  turned  out  to  be  benign,  but  coming 
as  this  did  on  top  of  my  December  heart  attack  . . .  well,  you  might  under¬ 
stand  why  being  anywhere  other  than  a  hospital  bed  would  be  cause  for 
obvious  joy. 

But  before  we  settle  back  into  our  weekly  conversation  about  more  mun¬ 
dane  matters,  I’d  like  to  thank  my  colleagues  Adam  Gaffin  and  Melissa  Shaw 
for  so  ably  filling  this  space  in  my  absence.  And  many  thanks,  as  well,  to 
those  of  you  who  sent  messages  of  support. 

The  address  hasn  7  changed:  buzz@nww.com. 
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QWEST  iQ  NETWORKING  BRINGS  RADICAL  SIMPLICITY 
TO  NETWORK  MANAGEMENT. 


You  can  dream  up  any  number  of  ways  to  put  your  Qwest,  that  second  part  can  be  every  bit  as  easy  as 
network  to  good  use.  That’s  the  easy  part,  Then  you  the  first  part.  Just  tell  us  what  kind  of  performance 
have  to  figure  out  how  to  make  it  work — get  all  your  you  need  to  enable  your  business  applications, 

vendors  in  sync,  redefine  roles,  elirr  mate  that  capital  and  we'll  make  sure  you  get  it.  On  your  terms, 

expense  roadblock,  reconfigure  interconnections,  Guaranteed.  So  call  to  find  out  more  about  a  network 
etc.,  all  while  supporting  your  time-sensitive  apps  that’s  tuned  to  your  needs,  And  start  dreaming  up 

and  ensuring  the  security  of  your  network.  But  with  new  stuff  to  do  with  your  network, 


or  visit  qwest.com/networksolutions 


Spirit  of  Service \ 


VOICE 


Qwest  iQ  Networking'”:  Qwest  iQ  Networking  is  a  suite  of  WAN  services  with  domestic  and  international  availability  depending  on  services  selected.  Recurring  fees  vary  depenr 
on  services  ordered.  Additional  equipment  may  be  required.  All  trademarks  are  the  property  of  Qwest  Communications  international  Inc.  ©2004  Qwest.  All  rights  reservedj 
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BrightStor®  ARCserve®  Backup  Release  11 

Faster  and  easier  to  use  than  ever. 

When  it  comes  to  data  backup  and  recovery,  you  want  a  reliable,  high-performance  solution  you 
can  count  on.  That's  why  we've  created  BrightStor  ARCserve  Backup  Release  11,  featuring  the 
very  latest  in  storage  innovations.  BrightStor  ARCserve  Backup  is  faster  and  easier  than  ever, 
enhancing  both  efficiency  and  productivity.  And  with  CA's  superior  technology,  you  can  be 
confident  your  files  are  properly  backed  up  and  will  easily  be  restored  should  a  disaster  occur. 
For  more  information,  go  to  ca.com/storage/arcserve. 


a  Free  trial  of  BrightStor 

ARCserve  Backup  Release  11. 
Visit  ca.com/storage/arcserve 
or  call  1-866-558-2798. 
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